On Mon, 10 Aug 1998, Jeremiah Rothschild wrote: > I run sendmail suid/sgid mail.. Therefore, if hacked, the worst situation > would be losing mail spools. Doing this has been nicely documented.. > > Anyone interested should check out www.virtual.net.au/~rjc/sendmail.html On a related note, sendmail 8.9.0 has its mail.local setuid by default as well. > > # ip > > On Thu, 9 Jul 1998, Michal Zalewski wrote: > > > It's stupid to make any part of sendmail package setuid. It's really > > possible to make sendmail work with no setuid nor setgid, by arranging > > proper communication with sendmail daemon, if running. Also, I suggest to > > be at least careful with new features of recent Sendmail version :-) > -------------------------------------------------- Scott M. Stone <sstoneat_private, sstoneat_private> <sstoneat_private> Head of TurboLinux Development/Systems Administrator Pacific HiTech, Inc (USA) / Pacific HiTech, KK (Japan) http://www.pht.com http://armadillo.pht.co.jp http://www.pht.co.jp http://www.turbolinux.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:11:58 PDT