Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!ukma!nrl-cmf!ames!zodiac!zooks!jordan
From: jordan@zooks.ads.com (Jordan Hayes)
Newsgroups: comp.mail.sendmail
Subject: Re: IDA Sendmail kit just went out
Message-ID: <6129@zodiac.UUCP>
Date: 18 Nov 88 00:32:26 GMT
References: <10695@bigtex.cactus.org>
Sender: news@zodiac.UUCP
Reply-To: jordan@ads.com (Jordan Hayes)
Organization: Advanced Decision Systems, Mt. View, CA (415) 960-7300
Lines: 22

James Van Artsdalen <james@bigtex.cactus.org> writes:

	The wormhole was only indirectly related to the "debug".  Those
	who smugly kill the "debug" word are in for a surprise;

Um, how so?  The only other way to turn on debugging requires command
line arguments, and if you run sendmail that way, the script will get
run as you (not daemon) ... to be sure, the "fix" that was distributed
by UCB was not the best one, but it certainly closes that hole.
Sendmail tries real hard (sometimes *too* hard) to run things as
non-priveledged as possible when it can.

	those who turn off all debugging code are making their lives
	needlessly miserable.

Why is that?  How often do you use the debugging features?  I have a
non-set-uid version in my bin that I use for configuration file
hacking, but you should normally not ever need it (there are some fixes
required to get all the benefits from logging with DEBUG #undef'd, but
they are rather straightforward).

/jordan