[Mimedefang] Slightly OT: System shutdown by non-privledged u ser
Lucas Albers
admin at cs.montana.edu
Tue Apr 20 21:25:06 EDT 2004
Nels Lindquist said:
> Hey, there's absolutely nothing wrong with "defense in depth". :-)
If its a mail relay you can also lockdown sendmail to only allow writes to
a subdirectory. So a sendmail exploit won't get you anywhere, I think.
dnl # SAFE_FILE_ENV: [undefined] If set, sendmail will do a chroot()
dnl # into this directory before writing files.
dnl # If *all* your user accounts are under /home then use that
dnl # instead - it will prevent any writes outside of /home !
define(`confSAFE_FILE_ENV',`/var')dnl
--
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana
More information about the MIMEDefang
mailing list