I run sendmail suid/sgid mail.. Therefore, if hacked, the worst situation would be losing mail spools. Doing this has been nicely documented.. Anyone interested should check out www.virtual.net.au/~rjc/sendmail.html # ip On Thu, 9 Jul 1998, Michal Zalewski wrote: > It's stupid to make any part of sendmail package setuid. It's really > possible to make sendmail work with no setuid nor setgid, by arranging > proper communication with sendmail daemon, if running. Also, I suggest to > be at least careful with new features of recent Sendmail version :-)
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:11:53 PDT