Date: Tue, 23 Apr 1996 19:28:53 +0200 (MET DST)
From: J Wunsch <j@uriah.heep.sax.de>
To: freebsd-hackers@freebsd.org (FreeBSD hackers)
Cc: henrich@crh.cl.msu.edu (Charles Henrich)
Subject: Re: .forward and sendmail?
Message-ID: <199604231728.TAA23187@uriah.heep.sax.de>
In-Reply-To: <199604231358.JAA05012@crh.cl.msu.edu> from "Charles Henrich" at Apr 23, 96 09:58:33 am

As Charles Henrich wrote:
> Yes but think about it, .forwards WILL NOT WORK USUALLY EVER if
> sendmail doesn't read .forward's as root! Most home directories are
> 700! This is a *bug* not a feature.
You might call it a bug. Make your home dirs 0711, or use a separate
alias database, or make your sendmail vulnerable if you don't like it.
Eric Allman's READ_ME makes it absolutely clear that he considers it a
security feature:
    HASSETREUID     Define this if you have setreuid(2) ***AND*** root can
                    use setreuid to change to an arbitrary user.  [...]
                    [...]  Setting this improves the
                    security, since sendmail doesn't have to read .forward
                    and :include: files as root.  There are certain attacks
                    that may be unpreventable without this call.
I don't think you will find anybody here supporting your opinion.
--
cheers, J"org
joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
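
The 0700 versus 0711 point from the message above, as an added example that is not part of the original e-mail or of sendmail's code: a small checker that reports whether a given non-root identity could search a home directory and read its .forward. The function names are hypothetical, the uid/gid are supplied by the caller (which identity a particular sendmail build uses is an assumption left to you), and only classic mode bits are evaluated (no ACLs or supplementary groups).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Classic POSIX mode-bit check (no ACLs, no supplementary groups):
 * pick the owner, group or other triplet for (uid, gid) and test `want`
 * (4 = read, 1 = search). uid 0 is treated as bypassing the check. */
static int mode_allows(const struct stat *st, uid_t uid, gid_t gid, int want)
{
    int bits;
    if (uid == 0) return 1;
    if (uid == st->st_uid)      bits = (st->st_mode >> 6) & 7;
    else if (gid == st->st_gid) bits = (st->st_mode >> 3) & 7;
    else                        bits = st->st_mode & 7;
    return (bits & want) == want;
}

/* Returns 1 if (uid, gid) can search `home` and read `home`/.forward,
 * 0 if the mode bits deny it, -1 if either cannot be stat'ed. */
int forward_readable_as(const char *home, uid_t uid, gid_t gid)
{
    char path[4096];
    struct stat dir, fwd;
    if (snprintf(path, sizeof path, "%s/.forward", home) >= (int)sizeof path)
        return -1;
    if (stat(home, &dir) != 0 || stat(path, &fwd) != 0)
        return -1;
    return mode_allows(&dir, uid, gid, 1) && mode_allows(&fwd, uid, gid, 4);
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s HOME UID GID\n", argv[0]);
        return 2;
    }
    int r = forward_readable_as(argv[1], (uid_t)atol(argv[2]), (gid_t)atol(argv[3]));
    printf("%s/.forward: %s\n", argv[1],
           r == 1 ? "readable" : r == 0 ? "denied by mode bits" : "stat failed");
    return r == 1 ? 0 : 1;
}
```

Run it as a user who can stat the directory and file, passing the uid and gid you want to evaluate; exit status 0 means the .forward would be readable without root.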
