Re: [OFFTOPIC] Re: [PATCH] Single user linux

From: Tomas Telensky (ttel5535@ss1000.ms.mff.cuni.cz)
Date: Tue Apr 24 2001 - 08:52:55 EST


On Tue, 24 Apr 2001, Alexander Viro wrote:

>
>
> On Tue, 24 Apr 2001, Tomas Telensky wrote:
>
> > of linux distributions the standard daemons (httpd, sendmail) are run as
> > root! Having multi-user system or not! Why? For only listening to a port
> > <1024? Is there any elegant solution?
>
> Sendmail is old. Consider it as a remnant of times when network was
> more... friendly. Security considerations were mostly ignored - and
> not only by sendmail. It used to be choke-full of holes. They were
> essentially debugged out of it in late 90s. It seems to be more or
> less OK these days, but it's full of old cruft. And splitting the
> thing into reasonable parts and leaving them with minaml privileges
> they need is large and painful work.

Thanks for the comment. And why not just let it listen to 25 and then
being run as uid=nobody, gid=mail?
  Tomas

>
> There are alternatives (e.g. exim, or two unmentionable ones) that are
> cleaner. Besides, there are some, erm, half-promises that next major
> release of sendmail may be a big cleanup. Hell knows what will come out
> of that.
>

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Mon Apr 30 2001 - 21:00:11 EST