Date: Tue, 23 Apr 1996 19:28:53 +0200 (MET DST)
From: J Wunsch <j@uriah.heep.sax.de>
To: freebsd-hackers@freebsd.org (FreeBSD hackers)
Cc: henrich@crh.cl.msu.edu (Charles Henrich)
Subject: Re: .forward and sendmail?
Message-ID: <199604231728.TAA23187@uriah.heep.sax.de>
In-Reply-To: <199604231358.JAA05012@crh.cl.msu.edu> from "Charles Henrich" at Apr 23, 96 09:58:33 am

As Charles Henrich wrote:

> Yes but think about it, .forwards WILL NOT WORK USUALLY EVER if
> sendmail doesn't read .forward's as root!  Most home directories are
> 700!  This is a *bug* not a feature.

You might call it a bug.  Make your home dirs 0711, or use a separate
alias database, or make your sendmail vulnerable if you don't like it.

Eric Allman's READ_ME makes it absolutely clear that he considers it a
security feature:

HASSETREUID     Define this if you have setreuid(2) ***AND*** root can
                use setreuid to change to an arbitrary user.  [...]
                [...]  Setting this improves the security, since
                sendmail doesn't have to read .forward and :include:
                files as root.  There are certain attacks that may be
                unpreventable without this call.

I don't think you will find anybody here supporting your opinion.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
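
Added example, not part of the original message or of sendmail: a small C model of the mode-bit check behind the 0700 versus 0711 point above, evaluated for root, the home directory's owner, and an unrelated uid. The uids and gids are constructed, supplementary groups and ACLs are ignored, and which identity a given sendmail build reads .forward under is not modelled.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Constructed model of a filesystem object: owner, group, mode bits. */
struct obj { uid_t uid; gid_t gid; mode_t mode; };

/* Classic Unix access check: exactly one class (owner, group, other) applies.
 * want_usr is the owner-class bit (S_IRUSR or S_IXUSR); shifting it right by
 * 3 or 6 yields the matching group or other bit. Supplementary groups and
 * ACLs are ignored (assumption). */
static int permitted(const struct obj *o, uid_t uid, gid_t gid, mode_t want_usr)
{
    if (uid == 0) return 1;               /* root passes read and search checks */
    if (uid == o->uid) return (o->mode & want_usr) != 0;
    if (gid == o->gid) return (o->mode & (want_usr >> 3)) != 0;
    return (o->mode & (want_usr >> 6)) != 0;
}

/* Opening ~/.forward needs search (x) on the home directory and read (r) on
 * the file. Both are assumed to belong to owner:ogid. Returns 1 if allowed. */
int can_read_forward(mode_t home_mode, mode_t fwd_mode,
                     uid_t owner, gid_t ogid, uid_t uid, gid_t gid)
{
    struct obj home = { owner, ogid, home_mode };
    struct obj fwd  = { owner, ogid, fwd_mode };
    return permitted(&home, uid, gid, S_IXUSR) && permitted(&fwd, uid, gid, S_IRUSR);
}

int main(void)
{
    /* Constructed ids: 1001 owns the home directory, 1 is an unrelated account. */
    const struct { const char *who; uid_t uid; gid_t gid; } rd[] = {
        { "root", 0, 0 }, { "owner", 1001, 1001 }, { "other", 1, 1 } };
    const mode_t cases[][2] = { {0700, 0644}, {0711, 0644}, {0711, 0600} };

    for (size_t c = 0; c < sizeof cases / sizeof cases[0]; c++)
        for (size_t r = 0; r < sizeof rd / sizeof rd[0]; r++)
            printf("home %04o .forward %04o as %-5s: %s\n",
                   (unsigned)cases[c][0], (unsigned)cases[c][1], rd[r].who,
                   can_read_forward(cases[c][0], cases[c][1], 1001, 1001,
                                    rd[r].uid, rd[r].gid) ? "readable" : "denied");
    return 0;
}
```

The third case shows that 0711 on the home directory is not sufficient by itself: a .forward with mode 0600 is still unreadable to any uid other than root or the owner.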