Bugtraq mailing list archives

Re: Sendmail up to 8.9.1 - mail.local introduces new class of


From: sstone () UME PHT CO JP (Scott Stone)
Date: Tue, 11 Aug 1998 09:35:12 +0900


On Mon, 10 Aug 1998, Jeremiah Rothschild wrote:

I run sendmail suid/sgid mail..  Therefore, if hacked, the worst situation
would be losing mail spools.  Doing this has been nicely documented..

Anyone interested should check out www.virtual.net.au/~rjc/sendmail.html

On a related note, sendmail 8.9.0 has its mail.local setuid by default as
well.


# ip

On Thu, 9 Jul 1998, Michal Zalewski wrote:

It's stupid to make any part of the sendmail package setuid. It's really
possible to make sendmail work with neither setuid nor setgid, by arranging
proper communication with the sendmail daemon, if running. Also, I suggest
being at least careful with the new features of the recent Sendmail version :-)


--------------------------------------------------
Scott M. Stone <sstone () pht com, sstone () turbolinux com>
               <sstone () pht co jp>
Head of TurboLinux Development/Systems Administrator
Pacific HiTech, Inc (USA) / Pacific HiTech, KK (Japan)
http://www.pht.com              http://armadillo.pht.co.jp
http://www.pht.co.jp            http://www.turbolinux.com
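
Added example (not part of the original post, and not sendmail's own code): a shell check for the point discussed above, reporting for each given binary whether it is setuid root, setuid to another uid, or setgid. The function names are hypothetical and the paths you pass are assumptions, since the locations of sendmail and mail.local vary by system.

```shell
#!/bin/sh
# Added example: report the setuid/setgid status of mail binaries.
# Paths are supplied by the caller (assumption: something like
# /usr/sbin/sendmail /usr/libexec/mail.local; locations vary by system).

# classify_priv MODE UID GID
# MODE is the ls -l permission string (e.g. -rwsr-xr-x); UID/GID are numeric.
# Prints "none", "setuid-root", "setuid-uid8,setgid-gid12", and so on.
classify_priv() {
    c_mode=$1; c_uid=$2; c_gid=$3; c_out=""
    # Character 4 is the owner-execute slot: s or S means the setuid bit is set.
    case $(printf '%s' "$c_mode" | cut -c4) in
        s|S) if [ "$c_uid" -eq 0 ]; then c_out="setuid-root"
             else c_out="setuid-uid$c_uid"; fi ;;
    esac
    # Character 7 is the group-execute slot: s or S means the setgid bit is set.
    case $(printf '%s' "$c_mode" | cut -c7) in
        s|S) c_out="${c_out:+$c_out,}setgid-gid$c_gid" ;;
    esac
    printf '%s\n' "${c_out:-none}"
}

# audit_mail_binaries PATH...
# Prints one "path: classification" line per path; absent paths are "missing".
audit_mail_binaries() {
    for a_path in "$@"; do
        if [ ! -e "$a_path" ]; then
            printf '%s: missing\n' "$a_path"
            continue
        fi
        # ls -lnd prints numeric owner and group: mode links uid gid ...
        a_line=$(ls -lnd -- "$a_path")
        a_mode=$(printf '%s\n' "$a_line" | awk '{print $1}')
        a_uid=$(printf '%s\n' "$a_line" | awk '{print $3}')
        a_gid=$(printf '%s\n' "$a_line" | awk '{print $4}')
        printf '%s: %s\n' "$a_path" "$(classify_priv "$a_mode" "$a_uid" "$a_gid")"
    done
}

# Run the audit only when paths are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_mail_binaries "$@"
fi
```

A result of setuid-root on sendmail or mail.local is the configuration the thread argues against; a non-root uid or a setgid-only result matches the reduced-privilege setup described in the post.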


