Suid and gid files

Lyndon Nerenberg lyndon at orthanc.ab.ca
Mon Jun 23 14:06:36 PDT 2003


> The one potentially problematic case that comes to mind is mail submission
> by sendmail; mechanisms such as cron, at, etc, expect to be able to
> generate mail from unprivileged users and that may break if you use
> sendmail as the MTA but without setuid.  There are mail systems that don't
> require setuid, instead relying on LMTP, which might be preferable in your
> environment.  I also find su very helpful, FWIW :-).
>
> You can solve this by having sendmail put up an SMTP listener on a
> named socket. Create a directory /var/run/sendmail that is mode 755
> owned by the sendmail runtime user (smmsp), then have sendmail listen
> on /var/run/sendmail/submission instead of port 25 (or 587).
>
> To make this useful to applications we would need a function (in
> libutil?) that mail clients could call to do the dirty work of
> submission. There are benefits to this approach over using
> command-line sendmail to submit: the client can make use of SMTP
> facilities such as DSNs, message tracking, delivery-by, etc.
>
> --lyndon
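
The submission helper the message proposes could look like the following added example, which is not code from the original post, FreeBSD or sendmail. The names smtp_submit and smtp_submit_fd are hypothetical, the socket path passed to smtp_submit would be the /var/run/sendmail/submission listener described above, and the caller is assumed to pass a CRLF-terminated, dot-stuffed message body.

```c
/* Added example: hypothetical helpers, not FreeBSD or sendmail code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Read one SMTP reply, following "250-" continuation lines; return its code or -1. */
static int smtp_reply(int fd) {
    char line[512], c;
    for (;;) {
        size_t n = 0;
        for (c = 0; n < sizeof line - 1 && read(fd, &c, 1) == 1 && c != '\n'; )
            line[n++] = c;
        if (c != '\n' || n < 4) return -1;   /* EOF, overlong or malformed line */
        line[n] = '\0';
        if (line[3] != '-') return atoi(line);
    }
}
/* Send one command, require reply `want`; refuse truncation and CR/LF in arg. */
static int smtp_cmd(int fd, int want, const char *fmt, const char *arg) {
    char buf[600];
    int n = snprintf(buf, sizeof buf, fmt, arg);
    if (n < 0 || (size_t)n >= sizeof buf || strpbrk(arg, "\r\n")) return -1;
    if (write(fd, buf, (size_t)n) != n) return -1;
    return smtp_reply(fd) == want ? 0 : -1;
}
/* SMTP dialogue on a connected fd; body must be CRLF-terminated and dot-stuffed. */
int smtp_submit_fd(int fd, const char *from, const char *rcpt, const char *body) {
    if (smtp_reply(fd) != 220 || smtp_cmd(fd, 250, "EHLO %s\r\n", "localhost") ||
        smtp_cmd(fd, 250, "MAIL FROM:<%s>\r\n", from) ||
        smtp_cmd(fd, 250, "RCPT TO:<%s>\r\n", rcpt) ||
        smtp_cmd(fd, 354, "DATA%s\r\n", "") ||
        write(fd, body, strlen(body)) != (ssize_t)strlen(body) ||
        smtp_cmd(fd, 250, ".%s\r\n", ""))
        return -1;
    return smtp_cmd(fd, 221, "QUIT%s\r\n", "");
}
/* Connect to the listener's named socket and submit one message. */
int smtp_submit(const char *path, const char *from, const char *rcpt, const char *body) {
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int fd, rc = -1;
    if (strlen(path) >= sizeof sa.sun_path) return -1;
    strcpy(sa.sun_path, path);
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) return -1;
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) == 0)
        rc = smtp_submit_fd(fd, from, rcpt, body);
    close(fd);
    return rc;
}
```

Because the client speaks SMTP itself, envelope addresses must be rejected if they contain CR or LF, which is what the check in smtp_cmd does.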



More information about the freebsd-hackers mailing list