[7594] in bugtraq
Re: Sendmail up to 8.9.1 - mail.local introduces new class of
daemon@ATHENA.MIT.EDU (Jeremiah Rothschild)
Mon Aug 10 12:09:51 1998
Date: Mon, 10 Aug 1998 09:30:35 -0500
Reply-To: Jeremiah Rothschild <jeremiah@GRAVITON.RTINET.NET>
From: Jeremiah Rothschild <jeremiah@GRAVITON.RTINET.NET>
X-To: Michal Zalewski <lcamtuf@IDS.PL>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.4.00.9807091053370.601-100000@lcamtuf.ids.pl>

I run sendmail suid/sgid mail. Therefore, if hacked, the worst situation
would be losing mail spools. Doing this has been nicely documented.
Anyone interested should check out www.virtual.net.au/~rjc/sendmail.html
# ip
On Thu, 9 Jul 1998, Michal Zalewski wrote:
> It's stupid to make any part of the sendmail package setuid. It's really
> possible to make sendmail work with neither setuid nor setgid, by arranging
> proper communication with the sendmail daemon, if running. Also, I suggest
> being at least careful with new features of the recent Sendmail version :-)