Re: New vulnerability in Sendmail
On Wed, 20 Nov 1996, Chris Fearnley wrote:
cjf >I can't identify anything that won't work. Even .forward files work
cjf >since the incoming connections are handled by the sendmail process
cjf >started by root in "/etc/init.d/sendmail start". I doubt world
cjf >unreadable .forward's would work on an NFS-mounted home directory (but
cjf >that is the case anyway, right?).

We use those .forwards heavily.

cjf >I think the above should be the default sendmail installation for
cjf >Debian. Sysadmins who know what they are doing can make sendmail
cjf >suid to root if they want. But the rest of us can't be expected to
cjf >drop everything every time a hole is found in sendmail. Yet our
cjf >businesses often depend on security.

In that case you have a nonstandard installation. Usually sysadmins expect
sendmail to be suid root and thus a security problem to keep an eye on.
There are many tools that have some sort of interaction with sendmail. The
nonsuid change might break some of those.

I have done it for a few years now, learned to deal with it, and I'd
rather keep the traditional setup than risk breaking things in our
rather complex setup here.
--- +++ --- +++ --- +++ --- +++ --- +++ --- +++ --- +++ ---
PGP Public Key = FB 9B 31 21 04 1E 3A 33 C7 62 2F C0 CD 81 CA B5