Date:      Fri, 29 Mar 2002 19:10:20 +0000
From:      Thomas Hurst <tom.hurst@clara.net>
To:        stable@FreeBSD.ORG
Subject:   Re: sendmail_enable NONE
Message-ID:  <20020329191019.GA11194@voi.aagh.net>
In-Reply-To: <20020328141846.B15442@Odin.AC.HMC.Edu>
References:  <20020328163551.B77823@shell.wetworks.org> <20020327154948.26668.qmail@web11602.mail.yahoo.com> <20020327115442.C27253@shell.one.net> <000c01c1d5bb$38e336e0$11fd2fd8@westbend.net> <20020327200304.C43825@mail.webmonster.de> <20020328133020.B6416@hub.freebsd.org> <20020328163551.B77823@shell.wetworks.org> <20020328223826.F28059@freebie.xs4all.nl> <5.1.0.14.0.20020328154728.04ac2668@pop3s.schulte.org> <20020328141846.B15442@Odin.AC.HMC.Edu>

* Brooks Davis (brooks@one-eyed-alien.net) wrote:

> On Thu, Mar 28, 2002 at 03:51:50PM -0600, Christopher Schulte wrote:
> > Some local root exploits can be prevented if unused setuid binaries
> > have the bit removed.  Thus if sendmail is not used (but you want to
> > keep the binary around just in case) just chmod -s.
>
> Given that the cause of the pain revolving around the 8.12 MFC was
> removing the setuid bit to sendmail, these comments are just a bit
> inane.

Most people who don't use sendmail probably set NO_SENDMAIL in their
make.conf, so any such changes are pretty much irrelevant to them.

As for other utilities (like jot) being unused; there's a huge
difference between a little 8.5k tool and a multi-MB daemon with a
history of vulnerabilities.

The rc.conf changes are a bit ugly imo too; sendmail_enable=NO now means
"start only some of sendmail" instead of "don't start sendmail", which
is totally against the grain of the entire rc system.  Users who set
sendmail_enable=NO will now get bitten because they may well assume
that covers everything in sendmail; I'd rather that be a meta-knob that
enables the rest of the sendmail system, a la:

if [ "${sendmail_enable}" = "YES" ]; then
        # check the rest of the sendmail_knobs
fi

This way users who disabled sendmail see no difference, and those who
have it enabled, er, see no difference; if they're going to get confused
over the new knobs being disabled by the meta-knob, at least they're
likely to read sendmail related stuff in UPDATING etc, which is far
better than those who don't use sendmail finding themselves running
daemons they don't want and which may pose a security hazard.

-- 
Thomas 'Freaky' Hurst  -  freaky@aagh.net  -  http://www.aagh.net/
-
I wouldn't recommend sex, drugs or insanity
for everyone, but they've always worked for me.
		-- Hunter S. Thompson

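An added illustration of the two knob semantics argued over above (example code, not from the thread or from FreeBSD's rc scripts). It models what a user who had sendmail_enable=NO before the 8.12 MFC would end up running if the new sub-knobs are evaluated independently, versus gated behind sendmail_enable as the meta-knob proposal suggests. The sub-knob names sendmail_submit_enable and sendmail_outbound_enable are assumed; the message itself never names them.

```shell
#!/bin/sh
# Added example, not part of the original message or of FreeBSD's rc system.
# Two ways of evaluating the sendmail knobs in rc.conf:
#   current: every sub-knob is independent, so sendmail_enable=NO still
#            lets the submission/outbound pieces start.
#   meta:    sendmail_enable=NO switches off the whole sendmail system and
#            the sub-knobs are only consulted when it is YES.
# Sub-knob names (sendmail_submit_enable, sendmail_outbound_enable) are an
# assumption; the message does not spell them out.

# is_yes VALUE -> succeeds when VALUE is YES, case-insensitively.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# daemons_to_start MODE ENABLE SUBMIT OUTBOUND
# MODE is "current" or "meta"; the other arguments are knob values.
# Prints the sendmail pieces that would be started (mta, submit, outbound).
daemons_to_start() {
    mode=$1; enable=$2; submit=$3; outbound=$4
    started=""
    if [ "$mode" = "meta" ] && ! is_yes "$enable"; then
        # Meta-knob semantics: NO means nothing from sendmail runs.
        echo ""
        return 0
    fi
    if is_yes "$enable"; then
        started="mta"
    fi
    if is_yes "$submit"; then
        started="$started submit"
    fi
    if is_yes "$outbound"; then
        started="$started outbound"
    fi
    echo "${started# }"
}

# Constructed rc.conf of a user who disabled sendmail before the MFC; the
# new sub-knobs keep their YES defaults because the user never set them.
sendmail_enable=NO
sendmail_submit_enable=YES
sendmail_outbound_enable=YES

echo "current:  '$(daemons_to_start current "$sendmail_enable" "$sendmail_submit_enable" "$sendmail_outbound_enable")'"
echo "meta-knob: '$(daemons_to_start meta "$sendmail_enable" "$sendmail_submit_enable" "$sendmail_outbound_enable")'"
```

Under the current semantics the disabled-sendmail user silently ends up with the submit and outbound pieces running; under the meta-knob semantics nothing starts unless sendmail_enable is YES.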