[916] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] security idea

daemon@ATHENA.MIT.EDU (Wietse Venema)
Tue Jul 16 06:53:59 1996

From: wietse@wzv.win.tue.nl (Wietse Venema)
To: sct@dcs.ed.ac.uk (Stephen C. Tweedie)
Date: Tue, 16 Jul 96 12:04:13 MET DST
Cc: braam@maths.ox.ac.uk, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199607152159.WAA01738@dax.dcs.ed.ac.uk>; from "Stephen C. Tweedie" at Jul 15, 96 10:59 pm

> Sendmail is actually a bad example.  It needs access to certain
> mail-specific files, but that can be done by the normal user/group
> mechanism anyway.  It does not need the privilege of writing files as
> another user: a separate delivery program should be used for this to
> minimise the possibility of that privilege leaking out of a program
> bug.  And it _certainly_ shouldn't be given root privilege if all it
> needs to do is to bind to a privileged port.

There is more to sendmail than just this:

- access recipient's ~/.forward files and exploder :include: files

This is actually a recursive process.

- execute shell commands (either in .forward, aliases or other).

No to contradict that sendmail is a bad example.

	Wietse

home help back first fref pref prev next nref lref last post