[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Sendmail security issue



Hi everybody!

I am wondering since some months why all new Sendmail versions in Redhat,
even those in Rawhide, Severn and Taroon, have a default setup in
sendmail.mc/sendmail.cf configuration files which breaks the security
architecture coming with Sendmail 8.12.x.

While with Sendmail 8.11.x and earlier all processes run as root, Sendmail
8.12.x has a main process as root and a separated queue runner process
running as unpriviledged user smmsp. In all Redhat Sendmail 8.12.x this
concept is broken by using define(`confTRUSTED_USER', `smmsp') in the
sendmail.mc and therefore sendmail.cf files. So default Redhat Sendmail
hosts are much less secure than they should be.

Months ago I mailed to Florian LaRoche about this, it had no effect at all.
It's not a bug, but a security flaw which is not neccessary.

Regards

Alexander Dalloz


-- 
Alexander Dalloz | Enger, Germany
PGP key valid: made 13.07.1999
PGP fingerprint: 2307 88FD 2D41 038E 7416  14CD E197 6E88 ED69 5653




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]