[916] in linux-security and linux-alert archive
Re: [linux-security] security idea
daemon@ATHENA.MIT.EDU (Wietse Venema)
Tue Jul 16 06:53:59 1996
From: wietse@wzv.win.tue.nl (Wietse Venema)
To: sct@dcs.ed.ac.uk (Stephen C. Tweedie)
Date: Tue, 16 Jul 96 12:04:13 MET DST
Cc: braam@maths.ox.ac.uk, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199607152159.WAA01738@dax.dcs.ed.ac.uk>; from "Stephen C. Tweedie" at Jul 15, 96 10:59 pm
> Sendmail is actually a bad example. It needs access to certain
> mail-specific files, but that can be done by the normal user/group
> mechanism anyway. It does not need the privilege of writing files as
> another user: a separate delivery program should be used for this to
> minimise the possibility of that privilege leaking out of a program
> bug. And it _certainly_ shouldn't be given root privilege if all it
> needs to do is to bind to a privileged port.
There is more to sendmail than just this:
- access recipient's ~/.forward files and exploder :include: files
This is actually a recursive process.
- execute shell commands (either in .forward, aliases or other).
Not to contradict that sendmail is a bad example.
Wietse