Path: utzoo!attcan!uunet!ncrlnk!ncrcae!hubcap!gatech!uflorida!mailrus!bbn!rochester!uhura.cc.rochester.edu!ur-valhalla!badri
From: badri@valhalla.ee.rochester.edu (Badri Lokanathan)
Newsgroups: comp.mail.sendmail
Subject: Re: Non-root sendmail?
Summary: I stand corrected
Message-ID: <1577@valhalla.ee.rochester.edu>
Date: 11 Nov 88 23:32:05 GMT
References: <164@heart-of-gold> <1572@valhalla.ee.rochester.edu> <735@tank.uchicago.edu>
Organization: UR Dept. of Electrical Engg, Rochester NY 14627
Lines: 51

In article <735@tank.uchicago.edu>, matt@oddjob.uchicago.edu (Matt Crawford) writes:
> Badri Lokanathan:
> ) It may not be possible for the following reason: there is no way currently
> ) for any other id to concatenate a new message to /usr/spool/mail/fubar,
> 
> Sendmail doesn't *do* that, /bin/mail does.

True. I stand corrected. However I delved into the Installation and
Operation Guide (by Eric Allman) and found this interesting tidbit:
-------------------------------------------------------------------------------
	.
	.
4.7.1. To suid or not to suid?
		Sendmail can safely be made setuid to root. At the point where
       it is about to exec(2) a mailer, it checks to see if the userid
       is zero; if so, it resets the userid and groupid to a default
       (set by the u and g options.) This can be overridden by
       setting the S flag to the mailer for mailers that are trusted
       and must be called as root. However this will cause mail
       processing to be accounted (using sa(8)) to root rather than to
       the user sending mail.

4.7.2. Temporary file modes
		The mode of all temporary files that sendmail creates
	is determined by the "F" option. Reasonable values for this option
	are 0600 and 0644. If the more permissive mode is selected, it
	will not be necessary to run sendmail as root at all (even
	when running the queue).
	.
	.

5.3.6. Building mailer descriptions
	.
	.
	If the mailer must be called as root, the "S" flag should be
	given; this will not reset the userid before calling the
	mailer (sendmail must be running setuid to root for this to
	work.)
	.
	.
-------------------------------------------------------------------------------
These were the only references to setuid that I found in the
documentation (other than rebuilding the aliases database and another
reference to the S flag in appendix C with the ironic statement that a
safe environment ran sendmail as root!) No reference to socket 25
being a restricted port.
-- 
"We will fight for the right to be free {) badri@ee.rochester.edu
 We will build our own society         //\\ {ames,cmcl2,columbia,cornell,
 And we will sing, we will sing       ///\\\ garp,harvard,ll-xn,rutgers}!
 We will sing our own song."  -UB40    _||_   rochester!ur-valhalla!badri