
Re: sendmail and suidness (or lack thereof)



On Thu, 5 Apr 2001, Russell Coker wrote:

> > The change is based upon the reasons sendmail has for root:
> >   * bind to port 25 (could be done via authbind)
>
> Also can be done by inetd as I did in ~1995.

True, but I already give the user the chance to run via inetd or not -
I'm talking about daemon processing.

> >   * calls to LDA (procmail, etc) that aren't suid root - no alternative
>
> You can tell sendmail to only use /var/spool/mail and make it group writable
> by group "mail".
>
> >   * read user's .forward - no alternative
>
> .forward can be world-readable and the user's home directory can be mode 711.

Indeed, but that's an administrator's call; there is no way for sendmail to
check that this is set up properly - only upon seeing the error messages
will the admin know something is amiss.

> > sm-mta would not be in the search order, not suid, not be world
> > readable/executable... owned and executed by root via todays
> > /etc/init.d/sendmail.  It'd bind to port 25 and handle passing of mail
> > onto LDAs.
>
> Why not have it run from inetd as some other user?

I give the user that chance, but spawning sendmail from inetd is clearly
non-optimal for a lot of cases.

> > It'd be rare that sm-mta didn't accept the message (and it'd be queued),
> > but nonetheless, there'd be need of either a cronjob, or an instance
> > of sm-msp to periodically dump the new queue to sm-mta.
>
> For mail relay machines and for processing .forward files which deliver to
> outside machines you need to have "sendmail -q" run from cron.

Nope... this new critter is *only* involved in message injection - the
only deliveries it does are to the *real* sendmail queues.

> Also your cron job has to make sure that you don't have two copies
> running at the same time because things go bad then.

Meaning what? I routinely start another queue runner to speed up
delivery - works fine ;)

> > I'm implementing this on my boxen for testing, and would welcome other
> > ideas, questions & complaints (again, pissing contests will be deleted
> > post haste).
>
> See my web page http://www.coker.com.au/~russell/sendmail.html .  You seem to
> have covered most things that my web page covered, but you might find
> something of use.
> Incidentally this is the most popular of my web pages.  I have been
> consistently getting a minimum of 100 hits per week for 5 years.

Good stuff on your page!  The (slight) differences in our approach stem
from where they're applied...  I'll be changing the default installation
to something secure, and a few of your approaches can still be applied
on top of that.

-- 
Rick Nelson
Life'll kill ya                         -- Warren Zevon
Then you'll be dead                     -- Life'll kill ya
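The thread's point about the group-writable spool and the readable .forward is that sendmail cannot verify the admin set it up that way. The script below is an added example, not from either poster or the sendmail project: it audits exactly that layout (home 711, world-readable .forward, spool owned by group mail and group- but not world-writable, sendmail binary without the setuid bit). Function names are hypothetical and the paths in audit_host are assumed conventional defaults.

```shell
#!/bin/sh
# Added audit helpers (not from the thread): check the layout the posters
# describe, since sendmail itself cannot. Names are hypothetical.

# Permission bits of a path as a decimal number (GNU stat, then BSD stat).
perm_of() {
    p=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%OLp' "$1" 2>/dev/null)
    printf '%d\n' "0$p"            # leading 0: printf reads it as octal
}
group_of() { stat -c '%G' "$1" 2>/dev/null || stat -f '%Sg' "$1" 2>/dev/null; }

# check_forward HOME: 0 when a non-root MTA can find and read HOME/.forward:
# HOME must be searchable by others (711) and an existing .forward must be
# world-readable. A missing .forward is fine (nothing to deliver through).
check_forward() {
    home=$1
    [ -d "$home" ] || return 1
    [ $(( $(perm_of "$home") & 1 )) -eq 1 ] || return 2
    if [ -f "$home/.forward" ]; then
        [ $(( $(perm_of "$home/.forward") & 4 )) -eq 4 ] || return 3
    fi
    return 0
}

# check_spool DIR: 0 when DIR belongs to group "mail", is group-writable
# (bit 16 = 020) and not world-writable (bit 2), so a non-root LDA running
# in group mail can deliver there without the spool being open to everyone.
check_spool() {
    [ -d "$1" ] || return 1
    [ "$(group_of "$1")" = mail ] || return 2
    bits=$(perm_of "$1")
    [ $(( bits & 16 )) -ne 0 ] || return 3
    [ $(( bits & 2 )) -eq 0 ] || return 4
    return 0
}

# check_not_setuid FILE: 0 when FILE exists and carries no setuid bit.
check_not_setuid() { [ -e "$1" ] && [ ! -u "$1" ]; }

# Audit a real host with: sh audit.sh --audit   (paths are assumptions)
audit_host() {
    rc=0
    check_not_setuid /usr/sbin/sendmail || { echo "sendmail binary is setuid"; rc=1; }
    check_spool /var/spool/mail || { echo "/var/spool/mail: not mail-group writable"; rc=1; }
    for h in /home/*; do
        check_forward "$h" || { echo "$h: .forward unreadable by non-root MTA"; rc=1; }
    done
    return $rc
}
case "${1:-}" in --audit) audit_host ;; esac
```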
