Date: Sun, 9 Jun 1996 20:57:56 -0400 (EDT) From: Brian Tao <taob@io.org> To: FREEBSD-SECURITY-L <freebsd-security@freebsd.org> Subject: setuid root sendmail vs. mode 1733 /var/spool/mqueue? Message-ID: <Pine.NEB.3.92.960609205024.8414G-100000@zap.io.org>
next in thread | raw e-mail | index | archive | help
I accidentally went a bit too far today when looking for setuid-
related attacks on our 2.2-SNAP shell servers and took the setuid bit
off /usr/sbin/sendmail. I only noticed after the schg flag was
slapped on everything. :(
People were getting 'queuename: Cannot create "qfUAA08787" in
"/var/spool/mqueue" (euid=935):' errors for obvious reasons. Since I
didn't want to reboot the shell servers just to chmod sendmail, I
decided to chmod 1733 /var/spool/mqueue instead:
drwx-wx-wt 2 root daemon 2560 Jun 9 20:52 /var/spool/mqueue
This allows the non-root sendmails to queue outgoing messages, but
prevents other users from snooping the mail spool (mailq is disabled
here, and it looks like queue files are mode 600 anyway).
The shell servers don't receive any mail themselves, and sendmail
runs with a queue processing interval of 5 minutes. Any comments on
the validity of my actions? It seems pretty safe to me, and it
removes another setuid binary.
--
Brian Tao (BT300, taob@io.org, taob@ican.net)
Systems and Network Administrator, Internet Canada Corp.
"Though this be madness, yet there is method in't"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.92.960609205024.8414G-100000>