Date:      Mon, 9 Dec 1996 14:37:27 -0800 (PST)
From:      "Brant Katkansky" <bmk@pobox.com>
To:        cschuber@uumail.gov.bc.ca
Cc:        black@squid.gage.com, cschuber@uumail.gov.bc.ca, bmk@pobox.com, security@freebsd.org
Subject:   Re: Running sendmail non-suid
Message-ID:  <199612092237.OAA13473@itchy.atlas.com>
In-Reply-To: <199612092204.OAA18326@passer.osg.gov.bc.ca> from Cy Schubert - ITSD Open Systems Group at "Dec 9, 96 02:04:50 pm"

> On the surface this appears to be the case, however if you NFS export a
> filesystem that contains files owned by the smtp user, especially to a
> system where someone else has root, you open your system to root compromise.
> 
> If you do manage all of your NFS clients, you will need to make the same
> change or risk being hacked via a setuid-root sendmail on the client.
> 
> If NFS would map all administrative accounts to nobody, I think you might be
> reasonably safe.  The only NFS server I know that does this is the Linux NFS
> server.

No NFS here.  The product requirements specifically forbid it. :)

-- Brant Katkansky (bmk@pobox.com, brantk@atlas.com)
   Software Engineer, ADC
