Date: Thu, 9 Jan 1997 20:04:12 +0100
From: roberto@keltia.freenix.fr (Ollivier Robert)
To: freebsd-security@freebsd.org
Subject: Re: sendmail running non-root SUCCESS!
Message-ID: <Mutt.19970109200412.roberto@keltia.freenix.fr>
In-Reply-To: <Mutt.19970109153512.pb@sidhe.hsc.fr>; from Pierre Beyssac on Jan 9, 1997 15:35:12 +0100
References: <Mutt.19970109114424.pb@sidhe.hsc.fr> <199701091347.IAA23487@homeport.org> <Mutt.19970109153512.pb@sidhe.hsc.fr>

According to Pierre Beyssac:
> Not exactly (though I don't know procmail well enough: maybe it
> can do that too).

Look on your own machine Pierre, that's the way I set it up when it was
mine :-) The way to do it is to use FEATURE(local_procmail).

> sendmail could process the .forward as usual, but it would
> call the external prog mailer to ask it to run "/home/user/bin/myownstuff"
> as "user" and pipe the mail to it.

It is very easy to implement (within sendmail). Now, where is the patch for
the run-as-user program? :-)

> I don't know how easy it would be to make this secure, it's just an
> idea. My feeling is that it should be possible to define something
> more modular than sendmail, with only very few parts setuid inside.

That's Qmail for you. Qmail would have been fine for most use in place of
sendmail if it supported some more sendmail-compatible features like DSN,
ESMTP, proper UUCP support and a simpler configuration system (I don't like
the .qmail-foo-bar system). Even making the one mail/one recipient feature
optional would be nice but Bernstein is too stubborn.

-- 
Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 3.0-CURRENT #33: Sat Dec 21 12:57:17 CET 1996