From owner-freebsd-security  Sun Nov 15 16:19:05 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA23736
          for freebsd-security-outgoing; Sun, 15 Nov 1998 16:19:05 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA23726
          for <security@FreeBSD.ORG>; Sun, 15 Nov 1998 16:19:00 -0800 (PST)
          (envelope-from cy@cschuber.net.gov.bc.ca)
Received: (from daemon@localhost)
	by point.osg.gov.bc.ca (8.9.1/8.8.8) id QAA26323;
	Sun, 15 Nov 1998 16:18:35 -0800
Received: from cschuber.net.gov.bc.ca(142.31.240.113), claiming to be "cwsys.cwsent.com"
 via SMTP by point.osg.gov.bc.ca, id smtpda26321; Sun Nov 15 16:18:24 1998
Received: (from uucp@localhost)
	by cwsys.cwsent.com (8.9.1/8.9.1) id QAA06460;
	Sun, 15 Nov 1998 16:18:22 -0800 (PST)
Message-Id: <199811160018.QAA06460@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys"
 via SMTP by localhost.cwsent.com, id smtpdRb6456; Sun Nov 15 16:18:21 1998
X-Mailer: exmh version 2.0.2 2/24/98
Reply-to: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>
X-Sender: cy
To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
cc: security@FreeBSD.ORG
Subject: Re: "Todd C. Miller": sendmail changes in OpenBSD 2.4 
In-reply-to: Your message of "Sun, 15 Nov 1998 14:10:34 PST."
             <21235.911167834@zippy.cdrom.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sun, 15 Nov 1998 16:18:20 -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <21235.911167834@zippy.cdrom.com>, "Jordan K. Hubbard" 
writes:
> Hmmm.  This sounds like a rather large user hit to take, but one less
> suid root executable (and an end to the other problems described
> below) also has strong appeal.  Comments?

I like it.

On a tangent, I've implemented a non-suid sendmail on a testbed about a 
year ago.  It required that sendmail queue only, that sendmail process 
the queue from cron, and Obtuse Systems smtpd handle port 25.  Programs 
run via .forward, e.g. MH's slocal, initially broke.  Maybe this should 
be investigated further and possibly implemented.  (Yes I am aware of 
Qmail, one of my subordinates uses it on machines he manages.  That 
solution has its problems too.)


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Open Systems Group          Internet:  cschuber@uumail.gov.bc.ca
ITSD                                   Cy.Schubert@gems8.gov.bc.ca
Government of BC            


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message