Date: Fri, 10 Jan 1997 10:19:18 +0100
From: Pierre.Beyssac@hsc.fr (Pierre Beyssac)
To: roberto@keltia.freenix.fr (Ollivier Robert)
Cc: freebsd-security@freebsd.org
Subject: Re: sendmail running non-root SUCCESS!
Message-ID: <Mutt.19970110101918.pb@sidhe.hsc.fr>
In-Reply-To: <Mutt.19970109200412.roberto@keltia.freenix.fr>; from Ollivier Robert on Jan 9, 1997 20:04:12 +0100
References: <Mutt.19970109114424.pb@sidhe.hsc.fr> <199701091347.IAA23487@homeport.org> <Mutt.19970109153512.pb@sidhe.hsc.fr> <Mutt.19970109200412.roberto@keltia.freenix.fr>
According to Ollivier Robert:
> According to Pierre Beyssac:
> > Not exactly (though I don't know procmail well enough: maybe it
> > can do that too).
>
> Look on your own machine Pierre, that's the way I set it up when it was
> mine :-) The way to do it is to use FEATURE(local_procmail).

Maybe I was unclear, but I was not considering the 'local' mailer, since
as far as I know it doesn't require sendmail to be setuid. I was talking
about the 'prog' mailer and as far as I know and unless I missed something,
procmail can't handle that.

> > sendmail could process the .forward as usual, but it would
> > call the external prog mailer to ask it to run "/home/user/bin/myownstuff"
> > as "user" and pipe the mail to it.
>
> It is very easy to implement (within sendmail). Now, where is the patch
> for the run-as-user program ? :-)

Patch? It would take a little more than a patch, I'm afraid ;-)! The
run-as-user program would have to be setuid, with some kind of access
checking more complicated than just checking that sendmail is calling it
(or we're almost back to square one with sendmail holes).

> > I don't know how easy it would be to make this secure, it's just an
> > idea. My feeling is that it should be possible to define something
> > more modular than sendmail, with only very few parts setuid inside.
>
> That's Qmail for you.

Uh, okay, when Qmail will be configuration-compatible with sendmail, we
can talk about it. In the meanwhile, why not try to fix sendmail by
improving its implementation somewhat? There certainly are other options
than dropping sendmail altogether on the premise that it's broken. If it's
broken, it should be fixed.
-- 
Pierre.Beyssac@hsc.fr
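The message above sketches a separate "run-as-user" helper that the prog mailer would hand the message to, so that sendmail itself need not stay root. The following is an added illustration, not code from the thread, from sendmail or from any of its authors: a minimal helper that switches to an unprivileged target user and group, verifies that root cannot be regained, and then execs the program named in the user's .forward with the mail on stdin. Function names (`drop_to_user`, `run_as_user`, `self_test`), the refuse-root policy and the constructed fallback id 65534 are assumptions of this example. It deliberately implements only the privilege drop; the caller access checking that the message says would be needed on top of it is left out.

```c
/* Added example: a privilege-dropping "run-as-user" helper. Not from the
   thread; names and policy are assumptions of this illustration. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Switch permanently to uid:gid. Policy: never run anything as root.
   Returns 0 on success, -1 on failure with errno set. */
int drop_to_user(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {
        errno = EPERM;             /* refuse root outright */
        return -1;
    }
    /* Clear supplementary groups first; only possible (and only needed)
       while we still hold root. An unprivileged caller keeps its own. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* Group before user: once the uid is dropped, setgid() would fail. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* The drop must be irreversible: if root can be regained (e.g. only the
       effective id was changed and the saved id is still 0), fail closed. */
    if (setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Run argv[0] as uid:gid with a minimal environment; stdin (the mail) is
   inherited from the caller, as with the prog mailer. Only returns on
   failure. */
int run_as_user(uid_t uid, gid_t gid, char *const argv[])
{
    if (drop_to_user(uid, gid) != 0)
        return -1;
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    execve(argv[0], argv, envp);
    return -1;                     /* execve failed */
}

/* Self-check that works without root: root must be refused, and dropping
   to an ordinary id must succeed. When started as root, a constructed
   unprivileged id (65534, the usual "nobody") is used as the target. */
int self_test(void)
{
    if (drop_to_user(0, 0) == 0)
        return 0;
    uid_t uid = getuid() ? getuid() : (uid_t)65534;
    gid_t gid = getgid() ? getgid() : (gid_t)65534;
    if (drop_to_user(uid, gid) != 0)
        return 0;
    return (getuid() == uid && geteuid() == uid) ? 1 : 0;
}

int main(int argc, char **argv)
{
    if (argc < 4) {
        fprintf(stderr, "usage: %s uid gid program [args...]\n", argv[0]);
        return 2;
    }
    uid_t uid = (uid_t)strtoul(argv[1], NULL, 10);
    gid_t gid = (gid_t)strtoul(argv[2], NULL, 10);
    if (run_as_user(uid, gid, &argv[3]) != 0) {
        perror("run_as_user");
        return 1;
    }
    return 0;
}
```

The order matters: supplementary groups, then gid, then uid, each checked, followed by an explicit attempt to regain root so that a partial drop is caught rather than silently carried into the exec. A real helper would additionally have to decide who may invoke it and on behalf of whom, which is exactly the part the message flags as harder than the privilege switch itself.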