Date:      Sun, 24 Nov 1996 08:14:53 -0600
From:      peter@taronga.com (Peter da Silva)
To:        hackers@freebsd.org
Subject:   Replacing sendmail (Re: non-root users binding to ports < 1024 (was: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).))
Message-ID:  <199611241414.IAA27560@bonkers.taronga.com>
In-Reply-To: <E0vRXkr-0004O4-00@rover.village.org>
References:  <9611240314.AA03473@communica.com.au>  ,<9611240314.AA03473@communica.com.au>

In article <E0vRXkr-0004O4-00@rover.village.org>,
Warner Losh  <imp@village.org> wrote:
>You have stated that it is a bad idea, but you have not offered an
>alternative.  Nor have you really said why it is a good idea, beyond
>removing some bloat from sendmail.

Remove sendmail. Make it an option. Make qmail the primary mail transport
agent on FreeBSD. If someone needs a really complex mail routing environment
or batching of outgoing mail over a low speed line (about the only things
they can do under sendmail that qmail won't handle) they can install the
port/package for sendmail. That would also make it easier for sendmail
users to keep up to date (which they have to be doing anyway).

I'm running too far back (2.0.5) to do this right now, but I'm planning
on moving up to -current once I get a couple more bits for my new beater
machine (Stephanie doesn't like me taking Bonkers down for some reason)
so I can actually hook it up and do real work on it. That's probably not
going to happen until after Usenix.

As for "non-root users binding to low ports", the logical thing to do
is to put the access to ports in the file system, and then set the
permissions on /dev/tcp/25 to "rw-rw---- mailagent mailgroup". This
can be done by modifying bind() to look at something devfs sets up,
making bind() a library routine that does an open and uses an ioctl
to establish access rights, making bind() look to see if you have the
right "ip special file" open, or by replacing the whole socket/bind
sequence with an explicit open (academically elegant but would break
EVERYTHING).

I believe that there are already some hooks in access to hardware
that depend on having a specific special file open but don't actually
use that file descriptor for anything, so that's probably the best way
to go.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199611241414.IAA27560>