From owner-freebsd-security Mon Dec 9 13:44:32 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id NAA02549 for security-outgoing; Mon, 9 Dec 1996 13:44:32 -0800 (PST) Received: from brimstone.gage.com (brimstone.gage.com [205.217.2.10]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id NAA02544 for ; Mon, 9 Dec 1996 13:44:30 -0800 (PST) Received: (from mail@localhost) by brimstone.gage.com (8.8.4/8.8.4) id PAA10919; Mon, 9 Dec 1996 15:43:49 -0600 (CST) Received: from octopus.gage.com(158.60.57.50) by brimstone.gage.com via smap (V2.0beta) id xma010917; Mon, 9 Dec 96 15:43:30 -0600 Received: from squid.gage.com (squid [158.60.57.101]) by octopus.gage.com (8.7.5/8.7.3) with SMTP id PAA21826; Mon, 9 Dec 1996 15:34:21 -0600 (CST) Received: from schemer by squid.gage.com (NX5.67e/NX3.0S) id AA16236; Mon, 9 Dec 96 15:34:19 -0600 Message-Id: <9612092134.AA16236@squid.gage.com> Received: by schemer.gage.com (NX5.67g/NX3.0X) id AA01345; Mon, 9 Dec 96 15:34:30 -0600 Content-Type: text/plain Mime-Version: 1.0 (NeXT Mail 4.0 v146.2) In-Reply-To: <199612092111.NAA17991@passer.osg.gov.bc.ca> X-Nextstep-Mailer: Mail 3.3 (Enhance 1.3) Received: by NeXT.Mailer (1.146.2) From: Ben Black Date: Mon, 9 Dec 96 15:34:29 -0600 To: cschuber@uumail.gov.bc.ca Subject: Re: Running sendmail non-suid Cc: bmk@pobox.com, security@freebsd.org References: <199612092111.NAA17991@passer.osg.gov.bc.ca> Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >The general consensus has usually been that this approach is less secure >because it is easier to gain access to a user account than root. this still makes no sense at all. explain it, please. why would a user account managed just like the root account be any easier to hack? b3n