From owner-freebsd-bugs Sun Mar 23 07:23:14 1997
Return-Path:
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id HAA09782
          for bugs-outgoing; Sun, 23 Mar 1997 07:23:14 -0800 (PST)
Received: from spinner.DIALix.COM (root@spinner.dialix.com [192.203.228.67])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA09766;
          Sun, 23 Mar 1997 07:22:41 -0800 (PST)
Received: from spinner.DIALix.COM (peter@localhost.DIALix.oz.au [127.0.0.1])
          by spinner.DIALix.COM (8.8.5/8.8.5) with ESMTP id XAA05026;
          Sun, 23 Mar 1997 23:20:34 +0800 (WST)
Message-Id: <199703231520.XAA05026@spinner.DIALix.COM>
X-Mailer: exmh version 2.0gamma 1/27/96
To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
cc: dv@kis.ru (Dmitry Valdov), freebsd-bugs@freebsd.org, security-officer@freebsd.org
Subject: Re: sendmail can't create PID file because of owner permission of /var/run
In-reply-to: Your message of "Sun, 23 Mar 1997 15:35:19 +0100." <19970323153519.BW27841@uriah.heep.sax.de>
Date: Sun, 23 Mar 1997 23:20:33 +0800
From: Peter Wemm
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

J Wunsch wrote:
> As Dmitry Valdov wrote:
>
> > sendmail doesn't create sendmail.pid file
> > if /var/run directory owned by other than root. Default owner of /var/run in
> > 2.2R is 'bin'. The problem appears in 2.1.5R too.
> > sendmail version is 8.8.5
> >
> > Workaround:
> > chown root:bin /var/run
>
> safefile() in sendmail/src/util.c goes to great lengths to ensure files
> are only attempted to be opened if the permissions of the directory
> allow this. Anyway, it looks as if it requires any directory to be
> world-writeable if the directory is not owned by the owner of the
> requesting process -- even if the owner is root. I'm not sure
> whether this is a bug or a feature. The following diff fixes this,
> but I'm not 100 % sure whether this fix is right or not.

Hmm.. this makes me rather nervous.. safefile() is a sensitive component
of the security system in sendmail to avoid .forward security holes and
so on. Any changes here could have devastating consequences.

IMHO, this patch is going 180 degrees in the wrong direction. We should
have the system directories and binaries root:bin and not group writeable.
NFS access makes uid and gid bin far too vulnerable.

Cheers,
-Peter