From owner-freebsd-security Mon Dec 9 14:06:29 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id OAA04673 for security-outgoing; Mon, 9 Dec 1996 14:06:29 -0800 (PST)
Received: from passer.osg.gov.bc.ca (0@passer.osg.gov.bc.ca [142.32.110.29]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id OAA04650 for ; Mon, 9 Dec 1996 14:06:24 -0800 (PST)
Received: from localhost (15005@localhost [127.0.0.1]) by passer.osg.gov.bc.ca (8.8.4/8.6.10) with SMTP id OAA18326; Mon, 9 Dec 1996 14:04:51 -0800 (PST)
From: Cy Schubert - ITSD Open Systems Group
Message-Id: <199612092204.OAA18326@passer.osg.gov.bc.ca>
X-Authentication-Warning: passer.osg.gov.bc.ca: 15005@localhost [127.0.0.1] didn't use HELO protocol
Reply-to: cschuber@uumail.gov.bc.ca
X-Mailer: MH
X-Sender: cschuber
To: Ben Black
cc: cschuber@uumail.gov.bc.ca, bmk@pobox.com, security@freebsd.org
Subject: Re: Running sendmail non-suid
In-reply-to: Your message of "Mon, 09 Dec 96 15:34:29 CST." <9612092134.AA16236@squid.gage.com>
Date: Mon, 09 Dec 96 14:04:50 -0800
X-Mts: smtp
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On the surface this appears to be the case; however, if you NFS export a
filesystem that contains files owned by the smtp user, especially to a
system where someone else has root, you open your system to root
compromise. If you do manage all of your NFS clients, you will need to
make the same change or risk being hacked via a setuid-root sendmail on
the client.

If NFS would map all administrative accounts to nobody, I think you might
be reasonably safe. The only NFS server I know that does this is the
Linux NFS server.

Regards,                       Phone:  (250)387-8437
Cy Schubert                    OV/VM:  BCSC02(CSCHUBER)
Open Systems Support           BITNET: CSCHUBER@BCSC02.BITNET
ITSD                           Internet:  cschuber@uumail.gov.bc.ca
                                          cschuber@bcsc02.gov.bc.ca

"Quit spooling around, JES do it."
> >The general consensus has usually been that this approach is less secure
> >because it is easier to gain access to a user account than root.
>
> this still makes no sense at all.  explain it, please.  why would a user
> account managed just like the root account be any easier to hack?
>
>
>
> b3n
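A defender-side check for the export risk Cy describes, added here as an example and not part of the original thread: it lists exports in a FreeBSD-style /etc/exports that do not squash every client uid (no -mapall), and setuid files under an exported tree. The exports contents, host names and paths are constructed for the demonstration.

```sh
#!/bin/sh
# Added example, not from the original mailing-list thread.
# Assumes FreeBSD-style /etc/exports syntax; on Linux the equivalent
# option is all_squash inside the per-client option list.

# Constructed sample exports file; not taken from any real host.
SAMPLE_EXPORTS='# mail spool, every client uid squashed to nobody
/var/mail -mapall=nobody client1 client2
/home -maproot=root adminhost
/usr/local/sendmail-tree client3
/usr/share -ro -alldirs -network 192.168.1.0 -mask 255.255.255.0'

# Print the path of every export that does not squash all client uids.
# Without -mapall a client root can become any uid on the server, so a
# non-setuid mail program owned by an unprivileged account inside that
# tree is writable by anyone who holds root on the client.
unsquashed_exports() {
    printf '%s\n' "$1" \
      | grep -v '^[[:space:]]*#' \
      | grep -v '^[[:space:]]*$' \
      | grep -v -- '-mapall=' \
      | awk '{ print $1 }'
}

# List setuid files under an exported tree: the binaries that matter
# most if such a tree is exported without squashing.
setuid_files() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# Stand-alone run over the constructed sample.
unsquashed_exports "$SAMPLE_EXPORTS"
```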