From owner-freebsd-security Mon Dec 9 14:38:08 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id OAA06567 for security-outgoing; Mon, 9 Dec 1996 14:38:08 -0800 (PST) Received: from passer.osg.gov.bc.ca (0@passer.osg.gov.bc.ca [142.32.110.29]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id OAA06547 for ; Mon, 9 Dec 1996 14:37:47 -0800 (PST) Received: from localhost (15005@localhost [127.0.0.1]) by passer.osg.gov.bc.ca (8.8.4/8.6.10) with SMTP id OAA18521; Mon, 9 Dec 1996 14:36:09 -0800 (PST) From: Cy Schubert - ITSD Open Systems Group Message-Id: <199612092236.OAA18521@passer.osg.gov.bc.ca> X-Authentication-Warning: passer.osg.gov.bc.ca: 15005@localhost [127.0.0.1] didn't use HELO protocol Reply-to: cschuber@uumail.gov.bc.ca X-Mailer: MH X-Sender: cschuber To: bmk@pobox.com cc: cschuber@uumail.gov.bc.ca, security@freebsd.org Subject: Re: Running sendmail non-suid In-reply-to: Your message of "Mon, 09 Dec 96 14:33:29 PST." <199612092233.OAA13422@itchy.atlas.com> Date: Mon, 09 Dec 96 14:36:09 -0800 X-Mts: smtp Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > > consensus has usually been that this approach is less secure because it is > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > easier to gain access to a user account than root. > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > I'm curious as to the reasoning behind this statement. I've heard it > before but never a full explaination. NFS! Please see my previous note about this. Regards, Phone: (250)387-8437 Cy Schubert OV/VM: BCSC02(CSCHUBER) Open Systems Support BITNET: CSCHUBER@BCSC02.BITNET ITSD Internet: cschuber@uumail.gov.bc.ca cschuber@bcsc02.gov.bc.ca "Quit spooling around, JES do it."