Date: Mon, 18 Nov 1996 22:21:49 -0700 (MST) From: Marc Slemko <marcs@znep.com> To: Poul-Henning Kamp <phk@critter.tfs.com> Cc: freebsd-security@FreeBSD.org Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Message-ID: <Pine.BSF.3.95.961118220414.523B-100000@alive.ampr.ab.ca> In-Reply-To: <9172.848302243@critter.tfs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
All arguments about just how much of a MTA needs to bet setuid and why it can/can't be that way in real/fake life, do people think what phk suggests would be a useful thing, either as a seperate patch or in the base kernel? It is trivial to implement; took 10 minutes to hack together a limited version (ie. uses names like net.inet.tcp.uidforport_25 because I didn't feel like creating a new level just for my hack and all the ports aren't implemented). The biggest problem I see to implementing such a thing is that I can't see a pretty way to make it fit into the sysctl mold without having 1024 lines, one for each port < 1024. Anyone have any ideas on how to do that nicely or if 1024 lines is ok? On Mon, 18 Nov 1996, Poul-Henning Kamp wrote: > What we REALLY need, is a way for root, to hand out certain priviledges. > > Imagine this: > > sysctl -w net.inet.tcp.uidforport.25=`id -ur smtp` > sysctl -w net.inet.tcp.uidforport.20=`id -ur ftp` > sysctl -w net.inet.tcp.uidforport.21=`id -ur ftp` > sysctl -w net.inet.tcp.uidforport.119=`id -ur nntp` > > This means that users with UID smtp can bind to socket 25 (aka smtp), > and so on. Now sendmail NEVER needs to be root. > > How's that for security ?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.961118220414.523B-100000>