ru.unix.bsd - RU.UNIX.BSD
------------------------------------------------------------------
From    : Gregory Edigaroff    2:5020/400    07 Dec 2000 17:55:13
To      : All
Subject : sendmail & RunAsUser
--------------------------------------------------------------------------------
[ Article crossposted from comp.mail.sendmail ]
[ Author was Gregory Edigarov ]
[ Posted on 7 Dec 2000 09:21:32 GMT ]

Ok folks,

I'm here again, with some new critique of sendmail's behavior.

It will be about the RunAsUser option, maybe the most necessary option in the process of building a secure system based on sendmail, but the most useless in its current view. This is because of a completely messed up implementation. It doesn't drop root privileges in the case when sendmail listens for connections on ANY port, i.e. you can run it on, say, port 2525 with this option set, then give the command 'ps aux', and what you will see will be really surprising for you. But 'ps aux' will show you the truth. Sendmail doesn't drop its privileges.

Ok, so you shrug... And me too.

This option could be really useful if it were done right. It could be used, for example, in a situation where you want to have local users, but also want more security. In such a situation sendmail could be run so:

    sendmail -bd -odq -ORunAsUser=mail:mail
    sendmail -q[time]

This would make the listener run as user "mail", placing all received messages in the queue, and the queue runner, which will run as root, making it possible to use all the mail routing facilities, such as .forward files.

--
With best regards, Gregory Edigarov
System Administrator of IBM ES/9000
GE1403-RIPE
Kharkov State Politechnic University

--- ifmail v.2.15dev5
 * Origin: ConCom Ltd. (2:5020/400)
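
Added example, not part of the original post: a way to script the 'ps' check described above, so that a sendmail listener still running as root is flagged while a root queue runner is left alone. The function names, the sample process list and the two listener markers ("-bd" on the command line, or the "accepting connections" process title) are assumptions of this example.

```shell
#!/bin/sh
# Added example: report PIDs of sendmail listener processes that run as root.
# Input on stdin: lines in `ps -eo user,pid,args` format.

root_listeners() {
    awk '
        NR == 1 && $1 == "USER" { next }      # skip the ps header line
        {
            user = $1; pid = $2
            args = $0                         # strip user and pid columns
            sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", args)
            if (args !~ /sendmail/) next
            # Assumption: these two markers identify the listening daemon.
            listener = (args ~ /(^|[ \t])-bd/ || args ~ /accepting connections/)
            if (listener && (user == "root" || user == "0"))
                print pid
        }
    '
}

# Constructed sample process list (not captured from a real host).
sample_ps() {
cat <<'EOF'
USER       PID COMMAND
root       412 sendmail: accepting connections
mail       977 sendmail: accepting connections
root       980 sendmail: running queue: /var/spool/mqueue
root      1033 /usr/sbin/sendmail -bd -odq -ORunAsUser=mail:mail
mail      1050 /usr/sbin/sendmail -bd -odq
root      1101 /usr/sbin/sshd
EOF
}

# Check the live system: an empty result means no root-owned listener.
check_live() { ps -eo user,pid,args | root_listeners; }

# Demonstration on the constructed sample: prints 412 and 1033.
sample_ps | root_listeners
```

Running check_live from cron and alerting on any output turns the manual 'ps aux' inspection into a standing check.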