[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: New vulnerability in Sendmail

On Wed, 20 Nov 1996, Chris Fearnley wrote:

cjf >I can't identify anything that won't work.  Even .forward files work
cjf >since the incoming connections are handled by the sendmail process
cjf >started by root in "/etc/init.d/sendmail start".  I doubt world
cjf >unreadable .forward's would work on a NFS mounted home directory (but
cjf >that is the case anyway, right?).

We use those .forwards heavily.

cjf >I think the above should be the default sendmail installation for
cjf >Debian.  Sysadmins who know what they are doing can make sendmail
cjf >suid to root if they want.  But the rest of us can't be expected to
cjf >drop everything every time a hole is found in sendmail.  Yet our
cjf >businesses often depend on security.

In that case you have a nonstandard installation. Usually sysadmins expect
sendmail to be suid root and thus a security problem to keep an eye on.

There are many tools that have some sort of interaction with sendmail. The
nonsuid change might break some of those.

I have done it since a few years now learned to deal with it and I'd
rather keep the traditional setup than risking breaking things in our
rather complex setup here.

--- +++ --- +++ --- +++ --- +++ --- +++ --- +++ --- +++ ---
PGP Public Key  =  FB 9B 31 21 04 1E 3A 33  C7 62 2F C0 CD 81 CA B5 

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to: