On Thu, 4 Jul 2002, Amanda Jones wrote:

> If your firewall can do port forwarding then you can easily do this
> yourself for most services. Just have the firewall forward port 25 to
> say 2025 and let sendmail run on 2025.

Yes, but your MTA process most likely still needs root privileges to
expand certain aliases, read .forward files, perhaps access user-owned
maildirs / mailboxes.

If your MTA is modular, at best you can run the listener part as a
non-root user, but it isn't the most vulnerable piece of code anyway -
message parsing, address expansion, actual delivery are the most risky
operations.

-- 
_____________________________________________________
Michal Zalewski [lcamtufat_private] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
          http://lcamtuf.coredump.cx/photo/