From owner-freebsd-security Tue Dec 10 13:28:13 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id NAA02463 for security-outgoing; Tue, 10 Dec 1996 13:28:13 -0800 (PST)
Received: from gvr.win.tue.nl (root@gvr.win.tue.nl [131.155.210.19]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id NAA02455 for ; Tue, 10 Dec 1996 13:28:10 -0800 (PST)
Received: (from guido@localhost) by gvr.win.tue.nl (8.8.4/8.8.2) id WAA17440; Tue, 10 Dec 1996 22:26:57 +0100 (MET)
From: Guido van Rooij
Message-Id: <199612102126.WAA17440@gvr.win.tue.nl>
Subject: Re: Running sendmail non-suid
In-Reply-To: <199612102027.MAA14200@itchy.atlas.com> from Brant Katkansky at "Dec 10, 96 12:27:53 pm"
To: bmk@pobox.com
Date: Tue, 10 Dec 1996 22:26:57 +0100 (MET)
Cc: marcs@znep.com, cschuber@uumail.gov.bc.ca, bmk@pobox.com, security@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>
> I don't believe that running sendmail from inetd will be a viable option -
> anticipated load is too high. What I will likely do is run it non-suid,
> but start it as root, and give up root privilege as soon as the port is
> bound. I'd rather not muck around in the kernel.

I thought there is an option nowadays that does exactly this:

O RunAsUser=

-Guido