From owner-freebsd-security Wed Jan 8 13:14:57 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id NAA29728 for security-outgoing; Wed, 8 Jan 1997 13:14:57 -0800 (PST)
Received: from service.esys.ca (root@service.esys.ca [141.118.1.124]) by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id NAA29721 for ; Wed, 8 Jan 1997 13:14:53 -0800 (PST)
Received: from monet.esys.ca by service.esys.ca with smtp (Smail3.1.28.1 #1) id m0vi5NK-000UljC; Wed, 8 Jan 97 14:17 MST
Received: from cezanne.esys.ca by monet.esys.ca with smtp (Smail3.1.28.1 #6) id m0vi5P8-000RWwC; Wed, 8 Jan 97 14:19 MST
From: Lyndon Nerenberg
To: Jimbo Bahooli
cc: freebsd-security@freebsd.org
Subject: Re: sendmail running non-root SUCCESS!
In-Reply-To:
Message-ID:
Date: Wed, 8 Jan 1997 14:19:21 -0700 (MST)
Priority: NORMAL
X-Mailer: Simeon for Hpux Motif Version 4.1
X-Authentication: none
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 7 Jan 1997 21:01:32 -0600 (CST) Jimbo Bahooli wrote:

> Other notes, I believe all .forward and related files need to be readable
> by the user daemon. I also recommend using tcp_wrappers for logging
> because in /var/log/maillog the relay will show up as localhost because of
> the redirection.
>
> Any comments?

If one were to deprecate ~/.forward in favour of /var/db/forward/$USER,
and write a forward(1) command to allow user manipulation of the files
in the new location, then the above restriction would go away. (Use the
crontab(1) command as a model.)

--lyndon

Disco music makes it possible to have disco entertainment centers.
Disco entertainment centers make it possible for mellow, laid-back,
boring kinds of people to meet each other and reproduce.
--Frank Zappa
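
The forward(1) idea in the message above, as an added example that is not part of the original post or of any FreeBSD code: the install step of a crontab(1)-style helper that writes a user's forwarding file into a spool directory it controls, so the mailer's unprivileged user only has to read that one directory. The names `valid_user` and `forward_install`, the 32-character name limit and the file modes are assumptions; only the /var/db/forward/$USER layout comes from the message.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: accept only plain login names, so a name can never
 * contain '/' or start with '.' and escape (or shadow a temp file in) the spool. */
static int valid_user(const char *u)
{
    size_t n = strlen(u);
    if (n == 0 || n > 32 || u[0] == '.' || u[0] == '-')
        return 0;
    return strspn(u, "abcdefghijklmnopqrstuvwxyz0123456789_.-") == n;
}

/* Install text as <spool>/<user>. A real forward(1) would take the name from
 * getpwuid(getuid()), never from the command line, and use /var/db/forward.
 * Returns 0 on success, -1 on any error. */
int forward_install(const char *spool, const char *user, const char *text)
{
    char tmp[PATH_MAX], dst[PATH_MAX];
    size_t len = strlen(text);
    int fd, ok;

    if (!valid_user(user))
        return -1;
    if (snprintf(dst, sizeof dst, "%s/%s", spool, user) >= (int)sizeof dst ||
        snprintf(tmp, sizeof tmp, "%s/.tmp.%ld", spool, (long)getpid()) >= (int)sizeof tmp)
        return -1;

    /* O_EXCL | O_NOFOLLOW: refuse a pre-planted file or symlink at the temp name. */
    fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    ok = write(fd, text, len) == (ssize_t)len &&
         fchmod(fd, 0644) == 0 &&   /* the mailer's user must be able to read it */
         fsync(fd) == 0;
    if (close(fd) != 0)
        ok = 0;
    /* rename() is atomic: the mailer sees the old file or the new one, never half. */
    if (!ok || rename(tmp, dst) != 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}
```

As with crontab(1), the spool directory itself would not be writable by ordinary users; the helper is the only way in.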