[17208] in bugtraq
Re: sendmail -bt negative index bug...
daemon@ATHENA.MIT.EDU (Glynn Clements)
Fri Oct 13 18:51:39 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <14822.4147.770049.290691@cerise.globalmegacorp.com>
Date: Thu, 12 Oct 2000 20:25:39 +0100
Reply-To: Glynn Clements <glynn@SENSEI.CO.UK>
From: Glynn Clements <glynn@SENSEI.CO.UK>
X-To: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.10.10010081417330.1498-100000@localhost>
Michal Zalewski wrote:
> Sendmail, launched with -bt command-line switch, enters it's special
> "address test" mode. It is not dropping root privledges (why?),
Presumably sendmail doesn't drop root priviledges[1] when performing
address rewrites for real. If so, then dropping them only in test mode
could invalidate any tests (particularly if sendmail.cf uses any
"prog" maps; I don't know whether any other map types require
privileges after the initial startup has completed).
[1] Actually "sendmail -bt" seems to honour the setting of the
RunAsUser option, so the term "root privilege" isn't 100% accurate.
--
Glynn Clements <glynn@sensei.co.uk>
