From owner-freebsd-security Mon Dec 9 10:06:23 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id KAA18821 for security-outgoing; Mon, 9 Dec 1996 10:06:23 -0800 (PST)
Received: from itchy.atlas.com ([206.29.170.215]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id KAA18814 for ; Mon, 9 Dec 1996 10:06:21 -0800 (PST)
Received: (from brantk@localhost) by itchy.atlas.com (8.8.0/8.8.0) id KAA11729 for security@freebsd.org; Mon, 9 Dec 1996 10:09:55 -0800 (PST)
Message-Id: <199612091809.KAA11729@itchy.atlas.com>
Subject: Running sendmail non-suid
To: security@freebsd.org
Date: Mon, 9 Dec 1996 10:09:55 -0800 (PST)
Reply-To: bmk@pobox.com
From: "Brant Katkansky"
X-Mailer: ELM [version 2.4ME+ PL22 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I'm setting up an internet-connected mail hub, and I'd like to run
sendmail not suid root. I won't be needing any ~/.forward nonsense, as
this machine will have no users at all, and will only forward mail based
on /etc/aliases. There will be no local mailboxes on this machine at all.

My intention for running sendmail without suid set is so that I can
hopefully avoid some of the security problems that we've seen with
sendmail in the past. Ideally, what I'd like to do is have sendmail
running as root only long enough to bind to the smtp port, and then give
up root, never to have it back. Preferably, running as 'nobody' or some
other 'safe' user.

Has anyone actually done this? Any advice or gotchas to look out for?
Am I insane for wanting to do this?

--
Brant Katkansky (bmk@pobox.com, brantk@atlas.com)
Software Engineer, ADC