From owner-freebsd-security Thu Dec 3 12:09:05 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA15643 for freebsd-security-outgoing; Thu, 3 Dec 1998 12:09:05 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from rembrandt.esys.ca (rembrandt.esys.ca [198.161.92.18]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA15638 for ; Thu, 3 Dec 1998 12:09:03 -0800 (PST) (envelope-from lyndon@execmail.com) Received: from execmail.com (zappa.esys.ca [198.161.92.28]) by rembrandt.esys.ca (2.0.4/SMS 2.0.4) with ESMTP id NAA18594; Thu, 3 Dec 1998 13:08:36 -0700 Message-Id: <199812032008.NAA18594@rembrandt.esys.ca> Date: Thu, 3 Dec 1998 13:08:33 -0700 From: Lyndon Nerenberg Subject: Re: mail.local To: jbourne@affinity-systems.ab.ca cc: woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG In-Reply-To: MIME-Version: 1.0 Content-Type: TEXT/plain; CHARSET=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 3 Dec, Jim Bourne wrote: > > Say your sendmail runs as user mail group mail, it exec's mail.local and > feeds mail.local the text in question, mail.local then does a seteuid to the > user the mail is being delivered to and then revokes all other root > privledges and opens, writes, and closes the mail spool file. umm, IIRC > that is... Not any more. As of 8.9, mail.local has to handle multiple recipients (for LMTP). It explicitly chowns the mailbox files, and thus assumes it's being invoked as root. (Look inside the deliver() function for the details.) -- Finger lyndon@execmail.com for PGP key. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message