On Sat, 21 Sep 2002, Pong wrote:
> ... because sendmail always runs as
> root so there is a need to drop privs *in every situation* since it's a
> monolithic setuid executable. It's like logging into your box as root then
> su-ing to a normal user for each task.

Sendmail-8.12.X does not run "setuid root" anymore. For client submissions to the mail queue, a new directory

    drwxrwx--- smmsp smmsp /var/spool/clientmqueue

is used, owned by user smmsp (uid 25) and group smmsp (gid 25). Now sendmail runs "setgid smmsp"

    -r-xr-sr-x root smmsp /usr/sbin/sendmail

So the security issue connected with sendmail being "setuid root" is solved.

Sendmail is monolithic, true, but I have a bias in favor of "old reliables that have been around for a long time and are still being maintained", like sendmail, just as I have a bias for Unix/Linux as against Win2K/XP.

PMana

Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
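
Added example (not part of the original message and not sendmail's own code): a Python check that compares a host's sendmail binary and client queue directory against the two listings quoted in the message above, flagging a leftover setuid bit. The function names and the LEGACY sample triple are constructed for illustration.

```python
import grp
import os
import pwd
import stat

# Expected (mode string, owner, group), copied from the listings in the message.
EXPECTED = {
    "/usr/sbin/sendmail": ("-r-xr-sr-x", "root", "smmsp"),
    "/var/spool/clientmqueue": ("drwxrwx---", "smmsp", "smmsp"),
}

# Constructed sample: a binary installed setuid root instead of setgid smmsp.
LEGACY = ("-r-sr-xr-x", "root", "root")


def audit(path, mode, owner, group):
    """Return a list of findings; an empty list means the entry matches."""
    want_mode, want_owner, want_group = EXPECTED[path]
    findings = []
    # Index 3 is the owner-execute slot: 's' or 'S' there means setuid.
    if mode[3] in "sS":
        findings.append(f"{path}: setuid bit set, runs with uid of {owner}")
    # Index 8 is the write slot for "other" users.
    if mode[8] == "w":
        findings.append(f"{path}: writable by all local users")
    if mode != want_mode:
        findings.append(f"{path}: mode {mode}, expected {want_mode}")
    if (owner, group) != (want_owner, want_group):
        findings.append(f"{path}: owned by {owner}:{group}, "
                        f"expected {want_owner}:{want_group}")
    return findings


def describe(path):
    """Build the same triple from the live filesystem (Unix only)."""
    st = os.stat(path)
    return (stat.filemode(st.st_mode),
            pwd.getpwuid(st.st_uid).pw_name,
            grp.getgrgid(st.st_gid).gr_name)


def audit_live():
    """Audit every expected path that exists on this host."""
    findings = []
    for path in EXPECTED:
        if os.path.exists(path):
            findings += audit(path, *describe(path))
    return findings


if __name__ == "__main__":
    print("\n".join(audit_live()) or "no findings")
```

Run as-is it inspects the local filesystem; audit() can also be fed triples collected from other hosts.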
