From owner-freebsd-stable Fri Mar 29 11:10:49 2002 Delivered-To: freebsd-stable@freebsd.org Received: from voi.aagh.net (pc1-hart4-0-cust168.mid.cable.ntl.com [62.254.84.168]) by hub.freebsd.org (Postfix) with ESMTP id 819E037B42F for ; Fri, 29 Mar 2002 11:10:21 -0800 (PST) Received: from freaky by voi.aagh.net with local (Exim 3.35 #1) id 16r1lU-0004Cx-00 for stable@FreeBSD.ORG; Fri, 29 Mar 2002 19:10:20 +0000 Date: Fri, 29 Mar 2002 19:10:20 +0000 From: Thomas Hurst To: stable@FreeBSD.ORG Subject: Re: sendmail_enable NONE Message-ID: <20020329191019.GA11194@voi.aagh.net> Mail-Followup-To: stable@FreeBSD.ORG References: <20020328163551.B77823@shell.wetworks.org> <20020327154948.26668.qmail@web11602.mail.yahoo.com> <20020327115442.C27253@shell.one.net> <000c01c1d5bb$38e336e0$11fd2fd8@westbend.net> <20020327200304.C43825@mail.webmonster.de> <20020328133020.B6416@hub.freebsd.org> <20020328163551.B77823@shell.wetworks.org> <20020328223826.F28059@freebie.xs4all.nl> <5.1.0.14.0.20020328154728.04ac2668@pop3s.schulte.org> <20020328141846.B15442@Odin.AC.HMC.Edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020328141846.B15442@Odin.AC.HMC.Edu> User-Agent: Mutt/1.3.28i Organization: Not much. X-Operating-System: FreeBSD/4.5-PRERELEASE (i386) X-Uptime: 6:37PM up 99 days, 3:22, 3 users, load averages: 2.07, 2.05, 2.02 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG * Brooks Davis (brooks@one-eyed-alien.net) wrote: > On Thu, Mar 28, 2002 at 03:51:50PM -0600, Christopher Schulte wrote: > > Some local root exploits can be prevented if unused setuid binaries > > have the bit removed. Thus if sendmail is not used (but you want to > > keep the binary around just in case) just chmod -s. > > Given that the cause of the pain revolving around the 8.12 MFC was > removing the setuid bit to sendmail, these comments are just a bit > inane. Most people who don't use sendmail probably set NO_SENDMAIL in their make.conf, so any such changes are pretty much irrelevent to them. As for other utilities (like jot) being unused; there's a huge difference between a little 8.5k tool and a multi-MB daemon with a history of vulnerabilities. The rc.conf changes are a bit ugly imo too; sendmail_enable=NO now means "start only some of sendmail" instead of "don't start sendmail", which is totally against the grain of the entire rc system. Users who set sendmail_enable=NO will now get bitten because they may well assume that covers everything in sendmail; I'd rather that be a meta-knob that enables the rest of the sendmail system, ala: if sendmail_enable=YES # check the rest of the sendmail_knobs fi This way users who disabled sendmail see no difference, and those who have it enabled, er, see no difference; if they're going to get confused over the new knobs beind disabled by the meta-knob, at least they're likely to read sendmail related stuff in UPDATING etc, which is far better than those who don't use sendmail finding themselves running daemons they don't want and which may pose a security hazard. -- Thomas 'Freaky' Hurst - freaky@aagh.net - http://www.aagh.net/ - I wouldn't recommend sex, drugs or insanity for everyone, but they've always worked for me. -- Hunter S. Thompson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message