Date: Sat, 21 Nov 1998 07:01:51 -0800 From: Don Lewis <Don.Lewis@tsc.tdk.com> To: Matthew Dillon <dillon@apollo.backplane.com>, William McVey <wam@sa.fedex.com> Cc: Warner Losh <imp@village.org>, Andre Albsmeier <andre.albsmeier@mchp.siemens.de>, freebsd-security@FreeBSD.ORG, jkh@zippy.cdrom.com (Jordan K. Hubbard), dima@best.net (Dima Ruban) Subject: Re: Would this make FreeBSD more secure? & sendmail changes in OpenBSD 2.4 Message-ID: <199811211501.HAA29212@salsa.gv.tsc.tdk.com> In-Reply-To: Matthew Dillon <dillon@apollo.backplane.com> "Re: Would this make FreeBSD more secure? & sendmail changes in OpenBSD 2.4" (Nov 16, 9:27pm)
next in thread | previous in thread | raw e-mail | index | archive | help
On Nov 16, 9:27pm, Matthew Dillon wrote: } Subject: Re: Would this make FreeBSD more secure? & sendmail changes in Op } :> Use TCAPF_LOWPORT to fix xntpd, lpd, bind, sendmail, and possibly } :> others. } : } :I'm not convinced that sendmail and lpd require TCAPF_LOWPORT. I think } :inetd and the 'wait' attribute can do what they need, but I'm all for } :adding the solution as defined above. It probably would be usefull for } :bind (which as a single process needs to bind to udp/53 as well as tcp/53). } } I don't think they need it either, as long as sendmail and lpd are } started as root and setuid() themselves after binding the port I'd be } happy. There are two complications with sendmail that I haven't seen mentioned. One is that sendmail will close its listening socket on port 25 when it decides that the system load is too high, and reopen the socket when the load has dropped to an acceptable level. The second is that it needs to read more 400 .forward files. If you use the RunAsUser sendmail configuration feature, you get most of the benefits of an immediate setuid() call. This feature causes sendmail to do the setuid() after it does accept() and fork() and before it interacts with the remote client. I use this feature on machines that don't do local mail delivery. As a matter of fact I've installed two copies sendmail with different privileges on some machines. One copy is installed as /usr/sbin/sendmail, /usr/bin/hoststat and /usr/bin/mailq, and it is installed setuid sendmail. The other copy is installed as /usr/bin/newaliases, /usr/sbin/smtpd and /usr/sbin/purgestat and it is installed mode 555 root.bin. I invoke smtpd as root to run as the listener on port 25, and it is configured with "RunAsUser=sendmail". --- Truck To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199811211501.HAA29212>