[Mimedefang] Strange error (only on Linux)
James B. Huber
jbh at gencon.com
Thu May 23 10:44:55 EDT 2002
David,
thanks again....see below:
On 2002.05.23 10:31 David F. Skoll wrote:
> On Thu, 23 May 2002, James B. Huber wrote:
>
> > But the point of running them SUID "smmsp" (the sendmail
> > NON-root user) is that they have ZERO permissions except to
> > write in their own "spool" directory (NOT sendmail's spool).
>
> Really?? This is how my sendmail setup looks:
>
> $ ls -ld /var/spool/clientmqueue
> drwxrwx--- 2 smmsp smmsp 4096 May 23 08:21 /var/spool/clientmqueue

Mine is mode 700 so only smmsp gets to write to it, and only the
local submission agent (and milters and its friends) can access it.

> So a suid-smmsp program would allow writing of arbitrary files in the
> clientmqueue directory. This may not be a huge problem (after all,
> that is how you submit mail), but my feeling is that files in that
> directory are "trusted" by sendmail, and being able to write arbitrary
> junk in the directory is probably not a good idea.
>
> > I'm not in a position to run "beta" code on my mailers
> > so that's not an option.
>
> OK. 2.12-final will be out soon. :-) The "su" trick won't work
> because then mimedefang and multiplexor won't have permissions to create
> sockets in /var/run (unless you loosen the permission in /var/run or create
> the sockets elsewhere.)

I have a /var/run/sendmail sub-directory that is mode 700 owned
by smmsp where I put the PID files and the sockets, started doing
that when I was trying to use SA and spamass-milter which bumped
into the same problem.
So with the above in mind, do you think I could do the
"su" stunt? I really do want to run this on my RH box....
Will anxiously await the 2.12-final ;-)
Again Thanks!
Jim
--
======================================================================
James B. Huber jbh at gencon.com
======================================================================
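
Added example, not part of the original thread: a Python check that tells apart the two directory setups discussed above (mode 770 as in the `ls -ld` listing, mode 700 as described for the queue and `/var/run/sendmail` directories). The function name `audit_dir` and the wording of the findings are assumptions, and the sample directories are constructed in a temporary location.

```python
import os
import stat
import tempfile


def audit_dir(path, owner_uid):
    """Return findings for a queue/socket directory that should be
    private to one account (smmsp in the thread)."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted at path
    if not stat.S_ISDIR(st.st_mode):
        return ["not a real directory (symlink or other file type)"]
    findings = []
    if st.st_uid != owner_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {owner_uid}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & stat.S_IWGRP:
        findings.append(
            f"group-writable: members of gid {st.st_gid} can create files")
    if mode & stat.S_IWOTH:
        findings.append("world-writable: any local user can create files")
    if mode & (stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH):
        findings.append("listable or searchable by accounts other than the owner")
    return findings


if __name__ == "__main__":
    # Constructed sample: two temp directories standing in for the two setups.
    with tempfile.TemporaryDirectory() as base:
        for name, mode in (("clientmqueue-770", 0o770),
                           ("clientmqueue-700", 0o700)):
            d = os.path.join(base, name)
            os.mkdir(d)
            os.chmod(d, mode)  # chmod explicitly; mkdir's mode is masked by umask
            result = audit_dir(d, os.getuid())
            print(f"{name}: {oct(mode)} ->", result or "private to owner")
```

On a real host the expected owner would come from `pwd.getpwnam("smmsp").pw_uid` and the paths would be the actual queue and socket directories.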