Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 9 Jan 1997 10:31:09 -0700 (MST)
From:      Lyndon Nerenberg <lyndon@esys.ca>
To:        Giles Lean <giles@nemeton.com.au>
Cc:        Jimbo Bahooli <moke@fools.ecpnet.com>, freebsd-security@freebsd.org
Subject:   Re: sendmail running non-root SUCCESS!
Message-ID:  <SIMEON.9701091009.B24868@cezanne.esys.ca>
In-Reply-To: <199701090844.TAA01064@nemeton.com.au>

next in thread | previous in thread | raw e-mail | index | archive | help

On Thu, 09 Jan 1997 19:44:18 +1100 Giles Lean <giles@nemeton.com.au> 
wrote:

> 
> On Wed, 8 Jan 1997 14:19:21 -0700 (MST)  Lyndon Nerenberg wrote:
> 
> > If one were to deprecate ~/.forward in favour of /var/db/forward/$USER, 
> > and write a forward(1) command to allow user manipulation of the
> > files 
> 
> Unfortunately, wrong.  The .forward files contain references to
> programs that have to be run as the user, not as daemon or sendmail or
> any other user.

Which can be handled by having "program" alias messages (should the 
site choose to allow them) dumped into a seperate queue that is run by 
a root process whose sole purpose is to execute programs on the users 
behalf. This is the only part of the traditional sendmail chain that 
*requires* it (sendmail) to run as root. Splitting that functionality 
out into a seperate, tiny, single-purpose program makes a lot more 
sense from a security perspective.

--lyndon





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?SIMEON.9701091009.B24868>