research> Sendmail supports TLS between MTAs. I don't believe doing TLS to the
research> local delivery agent (i.e. LMTP) would be hard to achieve.

sendmail already supports this if the LMTP agent advertises STARTTLS in its LHLO response.

research> Sendmail 8.12.x does that. It's no longer installed setuid by
research> default. The daemon has to start as root because there's no
research> other way to bind to port 25, but user instances and forked
research> children all run as "smmsp" or whatever user is designated.

Only if RunAsUser is set.

research> Users can't get root through the binary from the command line, at
research> all, ever (unless you know a way to elevate privileges without
research> setuid).

That statement may be misleading to some. True, the command line binary cannot give root, but the message is then passed to another sendmail MTA, and if RunAsUser isn't set, that MTA will be running as root. If a bug were found in that MTA, then the command line sendmail can serve as an avenue to getting root privs, but for that matter, so could telnet. Also, the ability to "get root" isn't the only security problem. Getting any elevated privs (even the extra smmsp group) is not acceptable.
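An added example, not part of the original message: a small audit of the two things the reply turns on, the mode bits on the sendmail binary and whether RunAsUser is actually set in sendmail.cf. The function names, sample configuration fragments and the "mailnull" account are constructed for illustration.

```python
import stat

# Constructed sendmail.cf fragments (not taken from any real host).
CF_DEFAULT = "#O RunAsUser=smmsp\nO QueueDirectory=/var/spool/mqueue\n"
CF_HARDENED = "O RunAsUser=mailnull:mailnull\n"


def run_as_user(cf_text):
    """Return the RunAsUser value from sendmail.cf text, or None if unset."""
    value = None
    for line in cf_text.splitlines():
        # Active option lines start with "O "; "#O ..." is commented out.
        if not line.startswith("O "):
            continue
        name, _, val = line[2:].partition("=")
        if name.strip().lower() == "runasuser":
            value = val.strip() or None  # a later line overrides an earlier one
    return value


def privilege_findings(mode, cf_text):
    """List privilege concerns for a binary's st_mode and an MTA config."""
    findings = []
    if mode & stat.S_ISUID:
        findings.append("setuid binary")
    if mode & stat.S_ISGID:
        # The "extra smmsp group" case raised in the reply.
        findings.append("setgid binary")
    user = run_as_user(cf_text)
    if user is None:
        # The daemon binds port 25 as root and never drops privileges.
        findings.append("RunAsUser unset")
    elif user.split(":")[0] in ("root", "0"):
        findings.append("RunAsUser is root")
    return findings


if __name__ == "__main__":
    # 0o102555 is a constructed mode: regular file, setgid, r-xr-sr-x.
    print(privilege_findings(0o102555, CF_DEFAULT))
    print(privilege_findings(0o100555, CF_HARDENED))
```

On a live host, pass `os.stat(path).st_mode` for the installed binary and the contents of the MTA's sendmail.cf.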
This archive was generated by hypermail 2b30 : Thu Feb 28 2002 - 14:15:53 PST