Brett Lymn:
> According to Jonathan Stott:
> >
> > A better fix would be to use procmail, or /bin/mail, or some other
> > program for local mail delivery.
> >
> A lot of people have been recommending putting procmail in to perform
> filtering of mail as an adjunct to sendmail. I did a quick grep for
> the notorious strc{at,py} commands in the procmail source and found
> quite a few. I have not analysed the code, but people putting in
> filters now to prevent the recent problems with mime et al could be
> (I said _could_be_) leaving themselves open for a more subtle exploit
> later on via procmail overflows.

It is also possible to make sure that mail.local (or any other mail
delivery program) can be used only by sendmail, assuming that program was
setuid root:

1) drop the setuid bit:

   chmod u-s /usr/libexec/mail.local

2) add

   define(`LOCAL_MAILER_FLAGS', LOCAL_MAILER_FLAGS`S')

   to your *.mc file before the MAILER(local) line. Alternatively, add just

   FEATURE(local_lmtp)

   before the MAILER(local) line (the 'S' flag is already defined by
   FEATURE(local_lmtp), so it does not need to be added).

The S flag causes sendmail to call the local mailer as root, so the mailer
itself does not need to be setuid root.

Summary: If you use FEATURE(local_lmtp), /usr/libexec/mail.local does not
need to be setuid root.

/ Kari Hurtta
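The two-step procedure above can be verified after the fact. The following shell script is an added example written for this archive page; it is not Kari Hurtta's code and not part of the sendmail distribution. It checks the two conditions the message describes: that the local delivery binary no longer carries the setuid bit, and that the Mlocal definition in the generated sendmail.cf carries the S flag (so sendmail, running as root, invokes the mailer itself). The sendmail.cf fragments and the mailer path used for the demo are constructed inline; the sed-based parsing of the Mlocal line is an assumption about the cf layout (it matches the `Mlocal, P=..., F=..., ...` form m4 emits), and a real audit would point the functions at the live sendmail.cf and /usr/libexec/mail.local.

```shell
#!/bin/sh
# Added example (not from the thread): audit whether the local mailer is
# non-setuid and whether sendmail's Mlocal definition carries the S flag.
# Sample sendmail.cf fragments below are constructed for the demo.

# Return 0 if FILE has the setuid bit set, 1 otherwise.
is_setuid() {
    [ -u "$1" ]
}

# Print the F= flag string of the Mlocal definition in a sendmail.cf
# (the mailer line that MAILER(local) expands to). Assumes the usual
# comma-separated "Mlocal, P=..., F=..., ..." layout.
local_mailer_flags() {
    sed -n 's/^Mlocal,.*F=\([^,]*\).*/\1/p' "$1" | head -n 1
}

# Return 0 if the local mailer's flag string contains S.
local_mailer_has_s_flag() {
    case "$(local_mailer_flags "$1")" in
        *S*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Print a verdict for a mailer binary and a sendmail.cf.
audit_local_mailer() {
    mailer=$1; cf=$2
    if is_setuid "$mailer"; then
        echo "WARN: $mailer is setuid; drop it with: chmod u-s $mailer"
    else
        echo "OK: $mailer is not setuid"
    fi
    if local_mailer_has_s_flag "$cf"; then
        echo "OK: Mlocal has the S flag (sendmail invokes the mailer as root)"
    else
        echo "WARN: Mlocal lacks the S flag; add LOCAL_MAILER_FLAGS S or FEATURE(local_lmtp)"
    fi
}

# Constructed fragment of a sendmail.cf built with FEATURE(local_lmtp):
# the F= string contains S.
SAMPLE_CF_WITH_S=$(mktemp)
cat > "$SAMPLE_CF_WITH_S" <<'EOF'
# constructed sendmail.cf fragment (FEATURE(local_lmtp))
Mlocal,		P=/usr/libexec/mail.local, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromSMTP/HdrFromL, R=EnvToL/HdrToL, T=DNS/RFC822/SMTP, A=mail.local -l
Mprog,		P=/bin/sh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/, T=X-Unix/X-Unix/X-Unix, A=sh -c $u
EOF

# Constructed fragment for a plain MAILER(local) with no S flag added.
SAMPLE_CF_WITHOUT_S=$(mktemp)
cat > "$SAMPLE_CF_WITHOUT_S" <<'EOF'
# constructed sendmail.cf fragment (plain MAILER(local), no S flag)
Mlocal,		P=/usr/libexec/mail.local, F=lsDFMAw5:/|@qPrmn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix, A=mail.local -d $u
EOF

# A freshly created temp file stands in for the mailer binary in the demo
# (it is not setuid); point this at /usr/libexec/mail.local on a real host.
DEMO_MAILER=$(mktemp)
trap 'rm -f "$SAMPLE_CF_WITH_S" "$SAMPLE_CF_WITHOUT_S" "$DEMO_MAILER"' EXIT

echo "--- cf built with FEATURE(local_lmtp) ---"
audit_local_mailer "$DEMO_MAILER" "$SAMPLE_CF_WITH_S"
echo "--- cf built from plain MAILER(local) ---"
audit_local_mailer "$DEMO_MAILER" "$SAMPLE_CF_WITHOUT_S"
```

On a real host, replace `$DEMO_MAILER` with the actual delivery binary and the sample files with the installed sendmail.cf; a WARN on either check means the mailer is still reachable as a setuid program by anyone who can execute it, which is exactly the exposure the message is closing off.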
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:12:14 PDT