[919] in linux-security and linux-alert archive


[linux-security] sendmail security issues

daemon@ATHENA.MIT.EDU (rdm@tad.micro.umn.edu)
Wed Jul 17 12:13:29 1996

From: rdm@tad.micro.umn.edu
Date: 17 Jul 1996 14:17:36 -0000
To: linux-security@tarsier.cv.nrao.edu

Stephen C. Tweedie:
>> Sendmail is actually a bad example.  It needs access to certain
>> mail-specific files, but that can be done by the normal user/group
>> mechanism anyway.  It does not need the privilege of writing files as
>> another user: a separate delivery program should be used for this to
>> minimise the possibility of that privilege leaking out of a program
>> bug.  And it _certainly_ shouldn't be given root privilege if all it
>> needs to do is to bind to a privileged port.

Wietse Venema:
>There is more to sendmail than just this:
>- access recipient's ~/.forward files and exploder :include: files

Accessing recipient's ~/.forward files would also be best handled by
a separate delivery program that runs under the user's uid.  :include:
file handling is purely an abstraction and should be run under the
proper uid for whatever file it's included from.

Wietse Venema continues:
>This is actually a recursive process.
>- execute shell commands (either in .forward, aliases or other).

If this ever crosses uid boundaries, it should be treated as just another
mail message and go through all the standard mechanisms for handling mail
messages.

-- 
Raul
