[1109] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] nonroot sendmail

daemon@ATHENA.MIT.EDU (*Hobbit*)
Wed Aug 28 20:15:09 1996

Date: Wed, 28 Aug 1996 03:40:36 -0400
From: *Hobbit* <hobbit@avian.org>
To: linux-security@tarsier.cv.nrao.edu

   [REW: I doubt that you can configure sendmail to not need root.

Suid-"mail" works just fine, if it's never going to deliver directly to
files or scripts.  Local mail-spool delivery can be handled by a suid-root
mail.local.  The "mail" uid owns the mail queue, but nothing else; it can't
even write the aliases db.  On a firewallish sort of machine sendmail will
only forward in and out anyway, so it doesn't even need the local stuff.

   Telnet uses login to change the uid, so it needs the suid bit on login
   or it needs to be run as root itself.

In most setups there's no need for login to be suid, and having it suid root
should never be even slightly encouraged.  It's called by quite the cadre
of things already running as root, so yank them bits the vendors so kindly
left on for you...

[REW: Agreed. The case that the setuid bit is needed is when people at 
your site have the habbit of walking over to someone and "saying may I
use your terminal?" Then you can save a few CPU cycles and keystrokes
by typing login <newuser> instead of first logging out.....

Let's please close this subject. Not Linux-specific, and it's been
going on too long already.]

_H*

home help back first fref pref prev next nref lref last post