Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uwm.edu!ux1.cso.uiuc.edu!mp.cs.niu.edu!rickert From: rickert@mp.cs.niu.edu (Neil Rickert) Newsgroups: comp.mail.sendmail Subject: Re: problem with uucp-originated mail Message-ID: <1990Dec12.142440.8044@mp.cs.niu.edu> Date: 12 Dec 90 14:24:40 GMT References: <198@touch.touch.com> <1990Dec11.040246.11831@mp.cs.niu.edu> <1990Dec12.022502.5066@Latour.Sandelman.OCUnix.On.Ca> Organization: Northern Illinois University Lines: 61 In article <1990Dec12.022502.5066@Latour.Sandelman.OCUnix.On.Ca> mcr@Latour.Sandelman.OCUnix.On.Ca (Michael Richardson) writes: >In article <1990Dec11.040246.11831@mp.cs.niu.edu> rickert@mp.cs.niu.edu (Neil Rickert) writes: >> to do setuid(0) internally. (This of course has security >> implications). > > Why? Mine certainly isn't. My uuxqt is setuid uucp, and my sendmail >trusts uucp. What is the problem? uuxqt HAS to be setuid uucp to >run. > Running 'setuid uucp' does not mean a whole lot. This means that the effective uid is that of 'uucp'. But 'sendmail' runs 'setuid root' so the only effective uid it sees is that of root. There is no way that 'sendmail' can tell the effective uid of the program invoking it. Therefore it must make any decisions of who invokes based on other information - either the real uid or the login name. >> initiates a connection, and collects remote mail. Since many >> versions of 'sendmail' determine the user from the getlogin() >> command, the login name of this user will be used to decide if > > Sounds like a broken sendmail. Source is usually available for that (I still >haven't gotten source to a Sys V.3 port yet. I know they exist, but >they seem rare) > Finding the identity of the invoker of your program is not as easy as it looks. Try it before you criticize. In the case of an suid program such as 'sendmail' the effective uid is always 0, so no use in determining the invoker. The real uid is not necessarily the right answer either, since several different login names may share the same uid. Since 'sendmail' has to possibly create a return address it has to get it right. The name you logged in as (obtained from getlogin() is reasonably reliable when available. If you use a windowing system, however, you may not be using the login tty, so even this is then unavailable. The versions of 'sendmail' that I have used, up through 5.61 all used getlogin() to determine who invoked the program, and fell back on other means only if that failed. Versions 5.64 and 5.65 also use getlogin(), but check that the uid corresponding to getlogin() corresponds to the realuid, and if not use other means of identification. Here is a test you can make. 1. Login as yourself. 2. Without using a windowing system, script, or other feature that gives a different tty (pty), su to another user. Now send yourself mail. Check the 'From' information. Does it say that the mail came from the name you logged in as, or the one you went to with 'su'? Once again I reiterate - UUCP mail needs to specify the restricted '-f' option to sendmail, and when the loginname invoking UUCP is not always predictable the only reliable approach is to ensure that the from address contains a '!' or that 'rmail' runs with a real uid of 0. In the circumstances of the orinator of this subject line, the surest and simplest approach is to ensure that the Mac originating the mail follows properly the UUCP protocols by using a bang format of address in the 'From ' line. It can use a domain ('@') format on the 'From:' line and the 'To:' line if it wishes, as these cause no problems. -- =*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*= Neil W. Rickert, Computer Science Northern Illinois Univ. DeKalb, IL 60115. +1-815-753-6940