On Tue, 24 Apr 2001, Alexander Viro wrote:
>
>
> On Tue, 24 Apr 2001, Tomas Telensky wrote:
>
> > of linux distributions the standard daemons (httpd, sendmail) are run as
> > root! Having multi-user system or not! Why? For only listening to a port
> > <1024? Is there any elegant solution?
>
> Sendmail is old. Consider it as a remnant of times when network was
> more... friendly. Security considerations were mostly ignored - and
> not only by sendmail. It used to be choke-full of holes. They were
> essentially debugged out of it in late 90s. It seems to be more or
> less OK these days, but it's full of old cruft. And splitting the
> thing into reasonable parts and leaving them with minaml privileges
> they need is large and painful work.
Thanks for the comment. And why not just let it listen to 25 and then
being run as uid=nobody, gid=mail?
Tomas
>
> There are alternatives (e.g. exim, or two unmentionable ones) that are
> cleaner. Besides, there are some, erm, half-promises that next major
> release of sendmail may be a big cleanup. Hell knows what will come out
> of that.
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Apr 30 2001 - 21:00:11 EST