Date:      Tue, 23 Apr 1996 05:32:42 +0200 (MET DST)
From:      J Wunsch <j@uriah.heep.sax.de>
To:        freebsd-hackers@freebsd.org (FreeBSD hackers)
Cc:        davidg@Root.COM, henrich@crh.cl.msu.edu
Subject:   Re: .forward and sendmail?
Message-ID:  <199604230332.FAA21276@uriah.heep.sax.de>
In-Reply-To: <199604282251.PAA00388@Root.COM> from "David Greenman" at Apr 28, 96 03:51:41 pm

As David Greenman wrote:

> >I think it must be readable by `daemon' (and i would even call this a
> >security feature, as opposed to reading the file with root
> >privileges).  Of course, your directory doesn't need to be readable by
> >`daemon', it's sufficient if it is _search_able by him (e.g.,
> >drwxr-x--x).
> 
>    sendmail is _supposed_ to run as suid root:

Yes, but think about it.  It reads the .forward with the identity of
`daemon', not `root'.  Otherwise, any user could link his ~/.forward
to a file read-only for root, and try to figure out the contents of
this file by sending mail to himself, and analyzing the bounces.  Not
that this will compromise the entire file, but that's why i wrote: ``I
would call it a security feature.''

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199604230332.FAA21276>
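The permission reasoning in this message, as an added example that is not part of the original e-mail or of sendmail: a mode-bit check showing that an unprivileged `daemon`-like identity can read `.forward` through a search-only (`drwxr-x--x`) home directory, while a symlink to an owner-only file is readable only by root. The directory layout, file names and the `can_read` helper are constructed for illustration; ACLs and other access controls are ignored.

```python
import os
import tempfile

def class_bits(st, uid, gids):
    """Return the rwx triplet (owner, group or other) that applies to this identity."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def can_read(base, path, uid, gids):
    """Would (uid, gids) be allowed to read `path`? Symlinks are followed, as open(2)
    does. Only components below `base` are checked (base is the demo's filesystem root)."""
    if uid == 0:
        return True                      # root bypasses mode bits: the leak described above
    base, real = os.path.realpath(base), os.path.realpath(path)
    parts = os.path.relpath(real, base).split(os.sep)
    cur = base
    for name in parts[:-1]:
        cur = os.path.join(cur, name)
        if not class_bits(os.stat(cur), uid, gids) & 1:   # directory needs search (x)
            return False
    return bool(class_bits(os.stat(real), uid, gids) & 4)  # file needs read (r)

def build_demo():
    """Constructed layout: home/user (0751) with .forward (0644) and a symlink
    pointing at an owner-only file (0600) that stands in for a root-only file."""
    base = tempfile.mkdtemp()
    home = os.path.join(base, "home", "user")
    os.makedirs(home)
    os.chmod(os.path.join(base, "home"), 0o755)
    os.chmod(home, 0o751)                # drwxr-x--x: searchable, not listable
    fwd = os.path.join(home, ".forward")
    secret = os.path.join(base, "secret")
    for name, mode, text in ((fwd, 0o644, "user@example.org\n"), (secret, 0o600, "private\n")):
        with open(name, "w") as fh:
            fh.write(text)
        os.chmod(name, mode)
    link = os.path.join(home, "linked.forward")
    os.symlink(secret, link)
    return base, home, fwd, link

if __name__ == "__main__":
    base, home, fwd, link = build_demo()
    daemon = (os.getuid() + 1, {os.getgid() + 1})   # hypothetical identity in the "other" class
    print("daemon reads .forward:      ", can_read(base, fwd, *daemon))
    print("daemon reads symlink target:", can_read(base, link, *daemon))
    print("root reads symlink target:  ", can_read(base, link, 0, {0}))
```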