From owner-freebsd-security Sun Nov 17 19:36:07 1996
Return-Path: owner-security
Received: (from root@localhost)
    by freefall.freebsd.org (8.7.5/8.7.3) id TAA05573
    for security-outgoing; Sun, 17 Nov 1996 19:36:07 -0800 (PST)
Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120])
    by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id TAA05539
    for ; Sun, 17 Nov 1996 19:35:50 -0800 (PST)
Received: (from msmith@localhost)
    by genesis.atrad.adelaide.edu.au (8.8.2/8.7.3) id OAA17231;
    Mon, 18 Nov 1996 14:05:05 +1030 (CST)
From: Michael Smith
Message-Id: <199611180335.OAA17231@genesis.atrad.adelaide.edu.au>
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
In-Reply-To: from Warner Losh at "Nov 17, 96 07:55:10 pm"
To: imp@village.org (Warner Losh)
Date: Mon, 18 Nov 1996 14:05:04 +1030 (CST)
Cc: newton@communica.com.au, batie@agora.rdrop.com, adam@homeport.org,
    pgiffuni@fps.biblos.unal.edu.co, freebsd-security@FreeBSD.org
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

Warner Losh stands accused of saying:
>
> I don't buy this. You need to be able to create a mailbox of an
> arbitrary user, and then write to that mailbox with that user's uid,
> or to a shell of that user's uid. To do otherwise would introduce
> other security problems, some of which have been beat to death in the
> freebsd lists.
>
> What am I missing?

mail.local.

Mark's sense of warmth is perhaps slightly over-smug, but his point is
valid. In fact, if it were possible to be non-root and bind to port 25,
then sendmail could be run non-root in daemon mode and not be called
from cron (which Mark omitted to mention).

> Warner

--
]] Mike Smith, Software Engineer        msmith@gsoft.com.au             [[
]] Genesis Software                     genesis@gsoft.com.au            [[
]] High-speed data acquisition and      (GSM mobile)     0411-222-496   [[
]] realtime instrument control.         (ph)          +61-8-8267-3493   [[
]] Unix hardware collector.     "Where are your PEZ?" The Tick          [[