Date: Sat, 3 Mar 2001 15:13:09 -0800 From: "Crist J. Clark" <cjclark@reflexnet.net> To: Jamie Heckford <heckfordj@psi-domain.co.uk> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Sendmail Question Message-ID: <20010303151309.M89396@rfx-216-196-73-168.users.reflex> In-Reply-To: <20010303143635.M3359@storm.psi-domain.co.uk>; from heckfordj@psi-domain.co.uk on Sat, Mar 03, 2001 at 02:36:35PM %2B0000 References: <20010303142510.K3359@storm.psi-domain.co.uk> <20010303143635.M3359@storm.psi-domain.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Mar 03, 2001 at 02:36:35PM +0000, Jamie Heckford wrote: > Quick update, I just set mail.local SUID. > > I noticed from reading /usr/src/UPDATING that this > was disabled (I built the sendmail binary and tools > myself) > > Just wondering, what was the reason for this? Will a > security vunrability arisin from setting mail.local > SUID? In /usr/src/contrib/sendmail/RELEASE_NOTES, 8.10.0/8.10.0 2000/03/01 . . . MAIL.LOCAL: Will not be installed setuid root. To use mail.local as local delivery agent without LMTP mode, use MODIFY_MAILER_FLAGS(`LOCAL', `+S') to set the S flag. This was a change in sendmail itself, not FreeBSD. The reason is that it should never have been setuid in the first place. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010303151309.M89396>