Brett Lymn:
> According to Jonathan Stott:
> >
> >A better fix would be to use procmail, or /bin/mail, or some other
> >program for local mail delivery.
> >
>
> A lot of people have been recommending putting procmail in to perform
> filtering of mail as an adjunct to sendmail. I did a quick grep for
> the notorious strc{at,py} commands in the procmail source and found
> quite a few. I have not analysed the code but people putting in
> filters now to prevent the recent problems with mime et al could be
> (I said _could_be_) leaving themselves open for a more subtle exploit
> later on via procmail overflows.
It is also possible to make sure that mail.local (or any other
mail delivery program) can be used only by sendmail:
Assuming that program was setuid root:
1) drop setuid bit
chmod u-s /usr/libexec/mail.local
2) add
define (`LOCAL_MAILER_FLAGS',LOCAL_MAILER_FLAGS`S')
to your *.mc file before
MAILER(local)
-line.
Alternatively add just
FEATURE(local_lmtp)
before MAILER(local)
-line ('S' flags is already defined by FEATURE(local_lmtp)
so it do not need to be added.)
That S flag causes that sendmail calls local mailer as root.
So mailer itself does not need to be setuid root.
Summary:
If you use
FEATURE(local_lmtp)
/usr/libexec/mail.local does not need to be setuid root.
/ Kari Hurtta
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:12:14 PDT