Date:      Mon, 25 Nov 1996 15:04:54 +1030 (CST)
From:      Michael Smith <msmith@atrad.adelaide.edu.au>
To:        jkh@time.cdrom.com (Jordan K. Hubbard)
Cc:        hackers@freebsd.org, newton@communica.com.au
Subject:   Re: Replacing sendmail (Re: non-root users binding to ports < 1024 (was: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2
Message-ID:  <199611250434.PAA27300@genesis.atrad.adelaide.edu.au>
In-Reply-To: <4572.848895649@time.cdrom.com> from "Jordan K. Hubbard" at "Nov 24, 96 08:20:49 pm"

Jordan K. Hubbard stands accused of saying:
> 
> No, seriously, sounds pretty neat just so long as starting sendmail
> from /usr/local/etc/rc.d doesn't hose anything - I haven't looked to
> see at which stage it's started in /etc/rc, but if there are any
> ordering dependencies there then they might hose us.  Just something
> to watch for.

I had no intention of starting sendmail from /usr/local/etc/rc.d; it's
still a part of the base system, and should still be started out of
/etc/rc.  I was just going to change the startup conditional for it to
conform to the new model, so that if 'mailer' was set to "qmail",
sendmail would not start.

The other change would be to check 'sendmail_flags' and if it was 
nonempty set 'mailer' to "sendmail" and copy 'mailerflags' to suit, in
order to maintain backwards compatibility.  I religiously update /etc/rc
these days, but often leave a stale /etc/sysconfig lying around.

I'd also appreciate input from anyone that can see a problem with having
sendmail lying around but not running; if it's thought that this is still
a security risk, then there should be a comment in the handbook section
on mailer security suggesting that it be disabled (nuked, re-moded, etc.).

Newt, perhaps you could spare a few neurons to put some words together
on this topic?  (If you haven't been following the thread, I'll brief
you offline...)

> 					Jordan

-- 
]] Mike Smith, Software Engineer        msmith@gsoft.com.au             [[
]] Genesis Software                     genesis@gsoft.com.au            [[
]] High-speed data acquisition and      (GSM mobile)     0411-222-496   [[
]] realtime instrument control.         (ph)          +61-8-8267-3493   [[
]] Unix hardware collector.             "Where are your PEZ?" The Tick  [[



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199611250434.PAA27300>