Date: Mon, 9 Dec 1996 14:49:39 -0500 (EST)
From: Adam Shostack <adam@homeport.org>
To: bmk@pobox.com
Cc: security@freebsd.org
Subject: Re: Running sendmail non-suid
Message-ID: <199612091950.OAA03744@homeport.org>
In-Reply-To: <199612091809.KAA11729@itchy.atlas.com> from Brant Katkansky at "Dec 9, 96 10:09:55 am"

Why not use smap from the fwtk (ftp.tis.com) to bind to port 25, and
then process the queued mail with sendmail?

Adam

Brant Katkansky wrote:
| I'm setting up an internet-connected mail hub, and I'd like to run
| sendmail not suid root. I won't be needing any ~/.forward nonsense,
| as this machine will have no users at all, and will only forward mail
| based on /etc/aliases. There will be no local mailboxes on this machine
| at all.
|
| My intention for running sendmail without suid set is so that I can
| hopefully avoid some of the security problems that we've seen with
| sendmail in the past.
|
| Ideally, what I'd like to do is have sendmail running as root only long
| enough to bind to the smtp port, and then give up root, never to have
| it back. Preferably, running as 'nobody' or some other 'safe' user.
|
| Has anyone actually done this? Any advice or gotchas to look out for?
| Am I insane for wanting to do this?
|
| -- Brant Katkansky (bmk@pobox.com, brantk@atlas.com)
| Software Engineer, ADC
| -- "It is seldom that liberty of any kind is lost all at once." -Hume