Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 28 Mar 2002 15:51:50 -0600
From:      Christopher Schulte <schulte+freebsd@nospam.schulte.org>
To:        Wilko Bulte <wkb@freebie.xs4all.nl>, Alan Clegg <alan@clegg.com>
Cc:        stable@FreeBSD.ORG
Subject:   Re: sendmail_enable NONE
Message-ID:  <5.1.0.14.0.20020328154728.04ac2668@pop3s.schulte.org>
In-Reply-To: <20020328223826.F28059@freebie.xs4all.nl>
References:  <20020328163551.B77823@shell.wetworks.org> <20020327154948.26668.qmail@web11602.mail.yahoo.com> <20020327115442.C27253@shell.one.net> <000c01c1d5bb$38e336e0$11fd2fd8@westbend.net> <20020327200304.C43825@mail.webmonster.de> <20020328133020.B6416@hub.freebsd.org> <20020328163551.B77823@shell.wetworks.org>

next in thread | previous in thread | raw e-mail | index | archive | help
At 10:38 PM 3/28/2002 +0100, Wilko Bulte wrote:
>Basically: binaries sitting on a disk are harmless (but take space) as
>long as they don't get run.

Some local root exploits can be prevented if unused setuid binaries have 
the bit removed.  Thus if sendmail is not used (but you want to keep the 
binary around just in case) just chmod -s.

If I install postfix, I might not be keen on sendmail advisories, thinking 
I'm not affected because the daemon is not active.  Whoops, it was a local 
problem becuase I left the binary setuid root.

>--
>|   / o / /_  _                                 wilko@FreeBSD.org
>|/|/ / / /(  (_)  Bulte                         Arnhem, the Netherlands
>    We are FreeBSD.  Resistance is futile.  Prepare to be committed.

--
Christopher Schulte
http://www.schulte.org/
Do not un-munge my @nospam.schulte.org
email address.  This address is valid.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.0.14.0.20020328154728.04ac2668>