From owner-freebsd-security Mon Dec 9 14:12:57 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id OAA05068 for security-outgoing; Mon, 9 Dec 1996 14:12:57 -0800 (PST) Received: from brimstone.gage.com (brimstone.gage.com [205.217.2.10]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id OAA05056 for ; Mon, 9 Dec 1996 14:12:53 -0800 (PST) Received: (from mail@localhost) by brimstone.gage.com (8.8.4/8.8.4) id QAA11165; Mon, 9 Dec 1996 16:12:22 -0600 (CST) Received: from octopus.gage.com(158.60.57.50) by brimstone.gage.com via smap (V2.0beta) id xma011163; Mon, 9 Dec 96 16:12:16 -0600 Received: from squid.gage.com (squid [158.60.57.101]) by octopus.gage.com (8.7.5/8.7.3) with SMTP id QAA21940; Mon, 9 Dec 1996 16:03:07 -0600 (CST) Received: from schemer by squid.gage.com (NX5.67e/NX3.0S) id AA16391; Mon, 9 Dec 96 16:03:06 -0600 Message-Id: <9612092203.AA16391@squid.gage.com> Received: by schemer.gage.com (NX5.67g/NX3.0X) id AA01380; Mon, 9 Dec 96 16:03:21 -0600 Content-Type: text/plain Mime-Version: 1.0 (NeXT Mail 4.0 v146.2) In-Reply-To: <199612092204.OAA18326@passer.osg.gov.bc.ca> X-Nextstep-Mailer: Mail 3.3 (Enhance 1.3) Received: by NeXT.Mailer (1.146.2) From: Ben Black Date: Mon, 9 Dec 96 16:03:20 -0600 To: cschuber@uumail.gov.bc.ca Subject: Re: Running sendmail non-suid Cc: bmk@pobox.com, security@freebsd.org References: <199612092204.OAA18326@passer.osg.gov.bc.ca> Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > On the surface this appears be the case, however if you NFS export a > filesystem that contains files owned by the smtp user, especially to a > system where someone else has root, you open your system to root > compromise. ah, NFS. say no more. i thought you meant in the context of a single machine. b3n