Date: Sun, 05 May 1996 22:03:15 -0700
From: Bill Trost <trost@cloud.rain.com>
To: tbalfe@tioga.com (Thomas J Balfe)
Cc: security@freebsd.org
Subject: Re: sendmail
Message-ID: <m0uGIS5-00002MC@cloud.rain.com>
In-Reply-To: Your message of Sun, 05 May 1996 14:29:00 +0200. <199605051229.OAA20467@keltia.freenix.fr>
References: <199605051229.OAA20467@keltia.freenix.fr>

Ollivier Robert writes:

    It seems that Thomas J Balfe said:
    > [D]oes sendmail have to be mode 4555 to function correctly, or will it
    > function correctly as mode 555?  Or even 4111?

    You need the setuid bit as sendmail is switching uids during
    execution when a user program runs it.

However, if the sendmail is not doing any local delivery, then there
is no reason that it cannot be run as some other user at all times
(including when it is started up by /etc/rc or however you like to
start it up).  You might even be able to do this by using something
like procmail (yech) to perform local delivery -- of course, then
procmail has to be setuid root.  You might get away with making
sendmail only setgid to a user capable of writing the files in
/var/mail, but that gets really strange and you still lose deliveries
to pipes.

WARNING: I have not tried this with sendmail, but have successfully
run smail non-root on a machine with no local mailboxes.
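
An added example, not part of the original message: a POSIX shell script that decodes the three modes from the question (4555, 555, 4111) and reports whether a binary on disk is setuid root, setuid to another user, or only setgid, which is the distinction the reply turns on. The function names `describe_mode` and `audit_file` are hypothetical, and the path to audit is whatever you pass as the first argument.

```shell
#!/bin/sh
# Added example (not from the original message): decode the modes asked about
# in the thread and audit a binary on disk for setuid/setgid bits.

# describe_mode OCTAL -> one-line summary of the bits that matter here.
describe_mode() {
    m=$((0$1))                          # leading 0 makes the shell parse octal
    suid=no; sgid=no; rd=no; ex=no
    if [ $((m & 04000)) -ne 0 ]; then suid=yes; fi
    if [ $((m & 02000)) -ne 0 ]; then sgid=yes; fi
    if [ $((m & 0004)) -ne 0 ]; then rd=yes; fi    # world-readable
    if [ $((m & 0001)) -ne 0 ]; then ex=yes; fi    # world-executable
    echo "setuid=$suid setgid=$sgid world_read=$rd world_exec=$ex"
}

# audit_file PATH -> setuid-root | setuid-other | setgid-only | plain | missing
audit_file() {
    f=$1
    if [ ! -e "$f" ]; then echo missing; return 0; fi
    uid=$(ls -ldn "$f" | awk '{print $3}')          # numeric owner
    if [ -n "$(find "$f" -prune -perm -4000)" ]; then
        if [ "$uid" = 0 ]; then echo setuid-root; else echo setuid-other; fi
    elif [ -n "$(find "$f" -prune -perm -2000)" ]; then
        echo setgid-only
    else
        echo plain
    fi
}

# Demo: the three modes from the question, then a path if one is given.
for mode in 4555 555 4111; do
    printf '%4s  %s\n' "$mode" "$(describe_mode "$mode")"
done
if [ -n "${1:-}" ]; then
    printf '%s  %s\n' "$1" "$(audit_file "$1")"
fi
```

Mode 4111 keeps the setuid bit and only removes read access to the binary, so it does not change the privilege the program runs with; 555 is the only one of the three that drops setuid.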