slm@wsc-sun.boeing.com (Shamus McBride) (05/30/90)
The situation:

SUN OS 4.0.3 /etc/aliases contains the command:

    mlist:kae,slm,"|/wsc-sun2/local/ml/mlist-l-saver"

When mail is received for "mlist", sendmail forks and runs mlist-l-saver. The mlist-l-saver process runs as uid=daemon, gid=daemon (normally).

However, when the received mail was sent from the host machine (wsc-sun), the user-id and group-id of the forked command process are set to the user-id and group-id of the sender rather than daemon. This happens even when the mail has left the local net and gone to a mail reflector at Berkeley and then come back!

The question:

Is this the way it's supposed to work? Given a "command" as the destination of an address in /etc/aliases, under what user-id, group-id should the command process run?

--
Shamus Mc Bride            | slm@wsc-sun.boeing.com
Boeing Computer Services   | slm%wsc-sun@atc.boeing.com
(206) 865-5047             | uw-beaver!bcsaic!wsc-sun!slm
DISCLAIMER: opinions are mine alone, not necessarily those of The Boeing Company.

jik@athena.mit.edu (Jonathan I. Kamens) (06/01/90)
In article <273@shuksan.BOEING.COM>, slm@wsc-sun.boeing.com (Shamus McBride) writes:
|> However, when the received mail was sent from the host machine
|> (wsc-sun), the user-id and group-id of the forked command process
|> are set to the user-id and group-id of the sender rather than
|> daemon. This happens even when the mail has left the local net and
|> gone to a mail reflector at Berkeley and then come back!
|>
|> ...
|>
|> Is this the way it's supposed to work? Given a "command" as the
|> destination of an address in /etc/aliases, under what user-id,
|> group-id should the command process run?

The answer to the question, "Is this the way it's supposed to work?" depends on exactly what you mean by the words "supposed to".

Yes, sendmail was written in such a way to make things happen as you describe. Yes, it was done intentionally. Therefore, if, by "it's supposed to work", you mean, "it was designed and written to work", then the answer is yes.

However, yes, many people (including myself) think it's majorly brain-dead, and I believe it's a security problem as well (I'll leave the details to your imagination :-).

The solution to this problem which we use around here is to make any programs which are executed out of /usr/lib/aliases setuid to daemon or something like that, so even if sendmail decides to run them as a random user, it won't have any effect.

Jonathan Kamens                 USnail:
MIT Project Athena              11 Ashford Terrace
jik@Athena.MIT.EDU              Allston, MA 02134
Office: 617-253-8495            Home: 617-782-0710
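
An audit for the workaround described in the reply above, added here as an example and not part of either post: it lists every "|program" destination in an aliases file and reports whether that program is setuid to the expected account. The sample entries other than the mlist line, the function names, and the verdict strings are assumptions made for illustration.

```python
import os, re, stat

# Constructed sample; only the mlist entry is taken from the thread.
SAMPLE_ALIASES = '''\
mlist:kae,slm,"|/wsc-sun2/local/ml/mlist-l-saver"
postmaster: root
archive: "|/usr/local/bin/archiver -d /var/spool/archive",
    |/usr/local/bin/stats
'''

def pipe_programs(text):
    """Return (alias, program_path) for every '|program' destination."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and entries:   # continuation of previous entry
            entries[-1] += " " + line.strip()
        else:
            entries.append(line.strip())
    found = []
    for entry in entries:
        alias, _, rhs = entry.partition(":")
        # Each destination is a "quoted string" or a run of non-comma text.
        for dest in re.findall(r'\s*("[^"]*"|[^,]+)', rhs):
            dest = dest.strip().strip('"').strip()
            if dest.startswith("|") and dest[1:].split():
                found.append((alias.strip(), dest[1:].split()[0]))
    return found

def classify(mode, owner_uid, expected_uid):
    """Judge one program against the setuid workaround from the thread."""
    if not mode & stat.S_ISUID:
        return "no-setuid"      # runs as whatever uid sendmail chooses
    if owner_uid != expected_uid:
        return "wrong-owner"    # setuid, but to some other account
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "writable"       # others could replace the setuid program
    return "ok"

def audit(text, expected_uid):  # stat every piped program in the aliases text
    report = []
    for alias, path in pipe_programs(text):
        try:
            st = os.stat(path)
            verdict = classify(st.st_mode, st.st_uid, expected_uid)
        except OSError:
            verdict = "missing"
        report.append((alias, path, verdict))
    return report
```

On a mail host, pass the contents of the aliases file and the numeric uid of the daemon account to audit().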