From owner-freebsd-security Mon Nov 16 10:48:01 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA14590 for freebsd-security-outgoing; Mon, 16 Nov 1998 10:48:01 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from rembrandt.esys.ca (rembrandt.esys.ca [198.161.92.18]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA14549 for ; Mon, 16 Nov 1998 10:47:57 -0800 (PST) (envelope-from lyndon@esys.ca) Received: from esys.ca (zappa.esys.ca [198.161.92.28]) by rembrandt.esys.ca (2.0.4/SMS 2.0.4) with ESMTP id LAA19471; Mon, 16 Nov 1998 11:47:26 -0700 Message-Id: <199811161847.LAA19471@rembrandt.esys.ca> Date: Mon, 16 Nov 1998 11:47:20 -0700 From: Lyndon Nerenberg Subject: Re: "Todd C. Miller": sendmail changes in OpenBSD 2.4 To: jkh@zippy.cdrom.com cc: security@FreeBSD.ORG In-Reply-To: <21235.911167834@zippy.cdrom.com> MIME-Version: 1.0 Content-Type: TEXT/plain; CHARSET=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 15 Nov, Jordan K. Hubbard wrote: > Hmmm. This sounds like a rather large user hit to take, but one less > suid root executable (and an end to the other problems described > below) also has strong appeal. Comments? > ------- Forwarded Message > In 2.4, /usr/libexec/mail.local is no longer setuid, to prevent its > abuse by users (trivial mail forgery, filling up /var/mail, etc). The downside here is that you can't deliver to multiple recipients via LMTP. For busy machines, where a significant portion of your local mail has multiple local RCPT TO's, you lose one of the major benefits of LMTP (multiple recipient delivery with a single fork/exec). It also means mode 777+sticky bit on /var/mail -- a denial of service waiting to happen. My preference would be for a mode 500 mail.local, owned by root, and with sendmail speaking to it via LMTP --lyndon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message