Date:      Tue, 10 Dec 1996 12:27:53 -0800 (PST)
From:      "Brant Katkansky" <bmk@pobox.com>
To:        marcs@znep.com (Marc Slemko)
Cc:        cschuber@uumail.gov.bc.ca, bmk@pobox.com, security@freebsd.org
Subject:   Re: Running sendmail non-suid
Message-ID:  <199612102027.MAA14200@itchy.atlas.com>
In-Reply-To: <Pine.BSF.3.95.961209172407.15993A-100000@alive.ampr.ab.ca> from Marc Slemko at "Dec 9, 96 05:48:30 pm"

> On Mon, 9 Dec 1996, Cy Schubert - ITSD Open Systems Group wrote:
> 
> > >  [running sendmail not suid-root]
> > >
> > > Has anyone actually done this?  Any advice or gotchas to look out for?
> > > Am I insane for wanting to do this?
> 
> You are very sane to want to do this.  Everyone else is insane.  And I'm
> serious about that.  Someone should put together a document on making
> sendmail run as a non-root uid.  Another thing I'm thinking of playing
> with sometime.
> 
> If you want something smap like, without the licensing restrictions, you
> could look at smtpd from ftp://ftp.obtuse.com/pub/smtpd.

I'll take a look at this, thanks.

> 
> > 
> > First you will need to create an smtp account.
> > 
> > Next, chown /var/spool/mqueue, /var/mail, and /usr/sbin/sendmail to user
> > smtp.
> > 
> > Run a cronjob out of root's cron every 5 minutes to process the queue.
> 
> You are missing something here WRT how to have sendmail bind to port 25. 
> There are three likely ways; have it run as root long enough to bind in a
> similar fashion to most webservers, run it from inetd, or modify the
> kernel to let a particular non-root user bind to port 25.  If you have
> sendmail running as a daemon using either the first or third methods, you
> don't need to run sendmail from cron.

I don't believe that running sendmail from inetd will be a viable option -
anticipated load is too high.  What I will likely do is run it non-suid,
but start it as root, and give up root privilege as soon as the port is
bound.  I'd rather not muck around in the kernel.

One thing I'd like to know is this: Once a process has changed its effective
UID to something other than root, can it ever change its effective UID?

-- Brant Katkansky (bmk@pobox.com, brantk@atlas.com)
   Software Engineer, ADC


