From owner-freebsd-security Sun Nov 17 19:40:11 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id TAA05797 for security-outgoing; Sun, 17 Nov 1996 19:40:11 -0800 (PST) Received: from homeport.org (lighthouse.homeport.org [205.136.65.198]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id TAA05766 for ; Sun, 17 Nov 1996 19:40:04 -0800 (PST) Received: (adam@localhost) by homeport.org (8.6.9/8.6.9) id WAA10831; Sun, 17 Nov 1996 22:35:08 -0500 From: Adam Shostack Message-Id: <199611180335.WAA10831@homeport.org> Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). In-Reply-To: <199611180335.OAA17231@genesis.atrad.adelaide.edu.au> from Michael Smith at "Nov 18, 96 02:05:04 pm" To: msmith@atrad.adelaide.edu.au (Michael Smith) Date: Sun, 17 Nov 1996 22:35:07 -0500 (EST) Cc: freebsd-security@FreeBSD.org X-Mailer: ELM [version 2.4ME+ PL27 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk smap/smapd (from the TIS firewall toolkit) can handle mail delivery services & binding to port 25. They're designed for security. Adam Michael Smith wrote: | Warner Losh stands accused of saying: | > I don't buy this. You need to be able to create a mailbox of an | > arbitrary user, and then write to that mailbox with that user's uid, | > or to a shell of that user's uid. To do otherwise would introduce | > other security problems, some of which have been beat to death in the | > freebsd lists. | > What am I missing? | mail.local. | | Mark's sense of warmth is perhaps slightly over-smug, but his point is | valid. In fact, if it were possible to be non-root and bind to port 25, | then sendmail could be run non-root in daemon mode and not be called from | cron (which Mark omitted to mention). -- "It is seldom that liberty of any kind is lost all at once." -Hume