Date:      Thu, 9 Jan 1997 20:04:12 +0100
From:      roberto@keltia.freenix.fr (Ollivier Robert)
To:        freebsd-security@freebsd.org
Subject:   Re: sendmail running non-root SUCCESS!
Message-ID:  <Mutt.19970109200412.roberto@keltia.freenix.fr>
In-Reply-To: <Mutt.19970109153512.pb@sidhe.hsc.fr>; from Pierre Beyssac on Jan 9, 1997 15:35:12 +0100
References:  <Mutt.19970109114424.pb@sidhe.hsc.fr> <199701091347.IAA23487@homeport.org> <Mutt.19970109153512.pb@sidhe.hsc.fr>

According to Pierre Beyssac:
> Not exactly (though I don't know procmail well enough: maybe it
> can do that too).

Look on your own machine Pierre, that's the way I set it up when it was
mine :-) The way to do it is to use FEATURE(local_procmail).

> sendmail could process the .forward as usual, but it would
> call the external prog mailer to ask it to run "/home/user/bin/myownstuff"
> as "user" and pipe the mail to it.

It is very easy to implement (within sendmail). Now, where is the patch
for the run-as-user program ? :-)

> I don't know how easy it would be to make this secure, it's just an
> idea. My feeling is that it should be possible to define something
> more modular than sendmail, with only very few parts setuid inside.

That's Qmail for you.

Qmail would have been fine for most uses in place of sendmail if it
supported some more sendmail-compatible features like DSN, ESMTP, proper
UUCP support and a simpler configuration system (I don't like the
.qmail-foo-bar system).

Even making the one mail/one recipient feature optional would be nice but
Bernstein is too stubborn.

-- 
Ollivier ROBERT    -=- The daemon is FREE! -=-    roberto@keltia.freenix.fr
  FreeBSD keltia.freenix.fr 3.0-CURRENT #33: Sat Dec 21 12:57:17 CET 1996


