Date: Tue, 10 Dec 1996 15:08:54 -0700 (MST) From: Marc Slemko <marcs@znep.com> To: Guido van Rooij <guido@gvr.win.tue.nl> Cc: bmk@pobox.com, security@freebsd.org Subject: Re: Running sendmail non-suid Message-ID: <Pine.BSF.3.95.961210150443.22425B-100000@alive.ampr.ab.ca> In-Reply-To: <199612102126.WAA17440@gvr.win.tue.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 10 Dec 1996, Guido van Rooij wrote: > > > > I don't believe that running sendmail from inetd will be a viable option - > > anticipated load is too high. What I will likely do is run it non-suid, > > but start it as root, and give up root privelege as soon as the port is > > bound. I'd rather not muck around in the kernel. > > I thought there is an option nowadays that does exactly this: > > O RunAsUser=<username> Not really. From the RELEASE_NOTES: Add new RunAsUser option; this causes sendmail to do a setuid to that user early in processing to avoid potential security problems. However, this means that all .forward and :include: files must be readable by that user, and on systems that don't support the saved uid bit properly, all files to be written must be writable by that user and all programs will be executed by that user. It is also incompatible with the SafeFileEnvironment option. In other words, it may not actually add much to security. However, it should be useful on firewalls and other places where users don't have accounts and the aliases file is well constrained. It runs more as root than alternative solutions. grep the sources for RunAsUid to see where it actually does the switches.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.961210150443.22425B-100000>