Bugtraq mailing list archives

Re: [linux-security] Re: Possible bufferoverflow condition in


From: dreamer () garrison inetcan net (Digital Dreamer)
Date: Wed, 14 Aug 1996 14:58:05 -0600


On Wed, 14 Aug 1996, Mike Jackson wrote:

On Tue, 13 Aug 1996, Jeff Uphoff wrote:

[snip]
        The same point goes for any other program.  Very few programs
need to actually be suid root.  Most systems are using ppp these days,
rather than slip.  But how many systems still have dip set suid root?!
I'd bet a lot do.

        Check your systems!  Bugs in programs are found every day.
Disable what is not needed.

  On the same note, after all the problems with sendmail, why does it
still need suid to operate? It seems like the best thing to do to me
would be to have it drop them immediately after opening port 25.  If you were
to set the files in /var/spool/mail writable by group mail (and of course
make sendmail in group mail), it could still add to the user's individual
mail spools.  The adduser script or what have you could create the mail
spool when the account was created, since a create would fail if sendmail
tried to do it.

  Apart from the obvious advantages of this making the kind of hole where
files can be arbitrarily overwritten, it also means that even if they do
gain a shell, at least it won't be a root shell.

  Just some random thoughts.

(and yes, I did mean Motif when I said Mosaic in my last post. ;)

dreamer


