Date: Mon, 23 Jun 2003 15:06:33 -0600
From: Lyndon Nerenberg <lyndon@orthanc.ab.ca>
To: Robert Watson <rwatson@freebsd.org>
Cc: hackers@freebsd.org
Subject: Re: Suid and gid files
Message-ID: <918B4BF4-A5BE-11D7-8B4F-000393D34A62@orthanc.ab.ca>
In-Reply-To: <Pine.NEB.3.96L.1030623112956.52424D-100000@fledge.watson.org>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> The one potentially problematic case that comes to mind is mail
> submission by sendmail; mechanisms such as cron, at, etc, expect to be
> able to generate mail from unprivileged users and that may break if you
> use sendmail as the MTA but without setuid. There are mail systems that
> don't require setuid, instead relying on LMTP, which might be
> preferable in your environment. I also find su very helpful, FWIW :-).
>
> You can solve this by having sendmail put up an SMTP listener on a
> named socket. Create a directory /var/run/sendmail that is mode 755
> owned by the sendmail runtime user (smmsp), then have sendmail listen
> on /var/run/sendmail/submission instead of port 25 (or 587).
>
> To make this useful to applications we would need a function (in
> libutil?) that mail clients could call to do the dirty work of
> submission. There are benefits to this approach over using
> command-line sendmail to submit: the client can make use of SMTP
> facilities such as DSNs, message tracking, delivery-by, etc.
>
> - --lyndon
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0.2 - not licensed for commercial use: www.pgp.com
>
> iQA/AwUBPvdr1wqAE4lfBssoEQJxQgCfVD+371Qc/xaQXGc0KcpREY2LcIsAoO42
> x7RWNGMO1/VM5n0oJGgc/ulq
> =ZYQI
> -----END PGP SIGNATURE-----