Date: Sun, 17 Nov 1996 22:35:07 -0500 (EST)
From: Adam Shostack <adam@homeport.org>
To: msmith@atrad.adelaide.edu.au (Michael Smith)
Cc: freebsd-security@FreeBSD.org
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
Message-ID: <199611180335.WAA10831@homeport.org>
In-Reply-To: <199611180335.OAA17231@genesis.atrad.adelaide.edu.au> from Michael Smith at "Nov 18, 96 02:05:04 pm"

smap/smapd (from the TIS firewall toolkit) can handle mail delivery
services & binding to port 25. They're designed for security.

Adam

Michael Smith wrote:
| Warner Losh stands accused of saying:
| > I don't buy this. You need to be able to create a mailbox of an
| > arbitrary user, and then write to that mailbox with that user's uid,
| > or to a shell of that user's uid. To do otherwise would introduce
| > other security problems, some of which have been beat to death in the
| > freebsd lists.
| > What am I missing?
| mail.local.
|
| Mark's sense of warmth is perhaps slightly over-smug, but his point is
| valid. In fact, if it were possible to be non-root and bind to port 25,
| then sendmail could be run non-root in daemon mode and not be called from
| cron (which Mark omitted to mention).

--
"It is seldom that liberty of any kind is lost all at once."
-Hume