Date: Thu, 09 Jan 1997 14:08:47 -0500 From: Dan Cross <tenser@spitfire.ecsel.psu.edu> To: Lyndon Nerenberg <lyndon@esys.ca> Cc: Jimbo Bahooli <moke@fools.ecpnet.com>, freebsd-security@FreeBSD.ORG Subject: Re: sendmail running non-root SUCCESS! Message-ID: <19970109190847.12307.qmail@spitfire.ecsel.psu.edu> In-Reply-To: Your message of "Thu, 09 Jan 1997 10:31:09 MST." <SIMEON.9701091009.B24868@cezanne.esys.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
> Which can be handled by having "program" alias messages (should the > site choose to allow them) dumped into a seperate queue that is run by > a root process whose sole purpose is to execute programs on the users > behalf. This is the only part of the traditional sendmail chain that > *requires* it (sendmail) to run as root. Splitting that functionality > out into a seperate, tiny, single-purpose program makes a lot more > sense from a security perspective. Which is what qmail already does. (Along with many other things that sendmail doesn't do, or doesn't do as well). Perhaps I'm being naive here, but what's the pressure to stick with sendmail? Why not move to a more reliable and efficient MTA, like Qmail? - Dan C.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970109190847.12307.qmail>