Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 3 Dec 1998 12:36:36 -0500 (EST)
From:      Robert Watson <robert@cyrus.watson.org>
To:        Bill Woodford <woodford@cc181716-a.hwrd1.md.home.com>
Cc:        ML FreeBSD Security <security@FreeBSD.ORG>
Subject:   Re: mail.local
Message-ID:  <Pine.BSF.3.96.981203123334.12137A-100000@fledge.watson.org>
In-Reply-To: <Pine.LNX.3.96.981203115141.7707B-100000@cc181716-a.hwrd1.md.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thu, 3 Dec 1998, Bill Woodford wrote:

> | Could somebody remind me of outcome of removing suid bit from mail.local
> | discussion?
> 
> Hmmm, if you remove it, I believe local mail delivery will cease due to
> permission problems.

That is my memory of the conclusions, at least when sendmail is not
executing mail.local.  If sendmail is executing it (and sendmail is
running as root) then I think it does behave correctly, at least when
sendmail is running as a daemon.  I'm not sure if it behaves correctly
when sendmail is running setuid from a normal user account as invoked by,
say, pine.  My feeling is more and more that we should be using protocols
such as IMAP for mail access rather than try to fit everything into the
context of file system permissions, as that requires us to come up with
warped program behavior  (such as making more things setuid than actually
need to be :).  It might be interesting to rewrite an imap daemon to use
UNIX daemon sockets and ephemeral credential information to authenticate
the user, and similarly have a local SMTP-style domain socket also using
ephemeral data for authentication.  BSD (and other Unices also) provide us
with a lot of tools to make life easier than we actually take advantage of
:).

  Robert N Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73  25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.981203123334.12137A-100000>