Date: Mon, 9 Dec 1996 10:09:55 -0800 (PST) From: "Brant Katkansky" <bmk@pobox.com> To: security@freebsd.org Subject: Running sendmail non-suid Message-ID: <199612091809.KAA11729@itchy.atlas.com>
next in thread | raw e-mail | index | archive | help
I'm setting up an internet-connected mail hub, and I'd like to run sendmail not suid root. I won't be needing any ~/.forward nonsense, as this machine will have no users at all, and will only forward mail based on /etc/aliases. There will be no local mailboxes on this machine at all. My intention for running sendmail without suid set is so that I can hopefully avoid some of the security problems that we've seen with sendmail in the past. Ideally, what I'd like to do is have sendmail running as root only long enough to bind to the smtp port, and then give up root, never to have it back. Preferably, running as 'nobody' or some other 'safe' user. Has anyone actually done this? Any advice or gotchas to look out for? Am I insane for wanting to do this? -- Brant Katkansky (bmk@pobox.com, brantk@atlas.com) Software Engineer, ADC
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199612091809.KAA11729>