[Mimedefang] Strange error (only on Linux)

James B. Huber jbh at gencon.com
Thu May 23 10:44:55 EDT 2002


David,
   thanks again....see below:

On 2002.05.23 10:31 David F. Skoll wrote:
> On Thu, 23 May 2002, James B. Huber wrote:
> 
> >    But the point of running them SUID "smmsp" (the sendmail
> > NON-root user) is that they have ZERO permissions except to
> > write in their own "spool" directory (NOT sendmail's spool).
> 
> Really??  This is how my sendmail setup looks:
> 
> $ ls -ld /var/spool/clientmqueue
> drwxrwx---    2 smmsp    smmsp        4096 May 23 08:21 /var/spool/clientmqueue

Mine is mode 700 so only smmsp gets to write to it, and only the
local submission agent (and milters and its friends) can access it.


> So a suid-smmsp program would allow writing of arbitrary files in the
> clientmqueue directory.  This may not be a huge problem (after all,
> that is how you submit mail), but my feeling is that files in that
> directory are "trusted" by sendmail, and being able to write arbitrary
> junk in the directory is probably not a good idea.
> 
> >    I'm not in a position to run "beta" code on my mailers
> > so that's not an option.
> 
> OK.  2.12-final will be out soon. :-)  The "su" trick won't work
> because then mimedefang and multiplexor won't have permissions to create
> sockets in /var/run (unless you loosen the permission in /var/run or create
> the sockets elsewhere.)

I have a /var/run/sendmail sub-directory that is mode 700 owned
by smmsp where I put the PID files and the sockets, started doing
that when I was trying to use SA and spamass-milter which bumped
into the same problem.

   So with the above in mind, do you think I could do the
"su" stunt ? I really do want to run this on my RH box....

   Will anxiously await the 2.12-final ;-)

Again Thanks !
Jim
-- 
======================================================================
James B. Huber                                          jbh at gencon.com
======================================================================
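
The thread contrasts a group-writable clientmqueue (mode 770) with directories kept at mode 700 and owned by smmsp for sockets and PID files. The following check is an added example, not part of either message or of MIMEDefang; the function name `check_private_dir` is hypothetical, and it assumes GNU `stat` (Linux) and a numeric UID as the expected owner.

```shell
#!/bin/sh
# Added example: verify that a directory holding milter sockets and PID
# files is private to one account, as described for /var/run/sendmail.
#
# check_private_dir DIR UID
#   returns 0 if DIR is a real directory (not a symlink), owned by numeric
#   UID, with no group or other permission bits; otherwise prints the
#   reason and returns 1.
check_private_dir() {
    dir=$1
    want_uid=$2

    # A symlink could redirect socket creation to another location.
    if [ -L "$dir" ]; then
        echo "$dir: is a symlink"
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory"
        return 1
    fi

    # GNU stat: %u = numeric owner, %a = octal permission bits.
    have_uid=$(stat -c %u "$dir") || return 1
    mode=$(stat -c %a "$dir") || return 1

    if [ "$have_uid" != "$want_uid" ]; then
        echo "$dir: owned by uid $have_uid, expected $want_uid"
        return 1
    fi
    # Mode 700 passes; 770 (group access) or 755 (world-readable) fails.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$dir: mode $mode grants group/other access"
        return 1
    fi
    return 0
}

# Stand-alone use, e.g.: sh check.sh /var/run/sendmail "$(id -u smmsp)"
if [ "$#" -eq 2 ]; then
    check_private_dir "$1" "$2"
fi
```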


