Path: utzoo!attcan!uunet!husc6!mailrus!cwjcc!hal!ncoast!allbery
From: allbery@ncoast.UUCP (Brandon S. Allbery)
Newsgroups: comp.unix.wizards
Subject: Re: Predictable
Message-ID: <13170@ncoast.UUCP>
Date: 24 Nov 88 18:50:19 GMT
References: <17464@adm.BRL.MIL> <120@minya.UUCP>
Reply-To: allbery@ncoast.UUCP (Brandon S. Allbery)
Followup-To: comp.unix.wizards
Organization: Cleveland Public Access UN*X, Cleveland, Oh
Lines: 41

In his article <120@minya.UUCP> ["Re: Predictable"], jc@minya wrote:
+---------------
| Most people understand that it isn't quite fair to criticise a
| security package's failures when it is not running. When they
| ask why sendmail needs to run with security suppressed, I just
| say "I don't know; its major competitor (uucp) doesn't require
| suppressing Unix security, and it runs fine."
+---------------

Uucp, going through the password file (except on att.att.com, where it goes
through /usr/lib/uucp/Permissions and is even more secure as a result), has
plenty of security to play with. But the network entry point to sendmail is
via a particular Internet port; while a random user cannot alter the shell
for another user in /etc/password and cannot replace /usr/lib/uucp/uucico
with another program (or so we hope), if the SMTP port weren't root-only
*any* user could arrange for their own program to listen on the SMTP port
and wreak all kinds of havoc on other systems. Or at minimum could read
anyone's incoming net mail. Fun, eh?

I'm not certain what to do about it, I'm not a network maven. Except that
perhaps network ports should be handled the same way serial ports are; then
*any* (incoming) port could be used to handle mail, and the "shell" for the
port would be /usr/lib/sendmail. (In fact, one could use the same password
file and thereby get SMTP over serial ports and an automatic "rlogin" (well,
maybe "telnet") mechanism on Inet ports.) Remote mounts could log in to
rmountd, etc.

Anyone with a bit more knowledge about networking want to tell me what's
wrong with this? What would break (yes, I know, *everything* at first -- but
is there anything that absolutely depends on the current setup?) and what
would require a prohibitive amount of rewriting?

I'm just tossing out random ideas; they may not be useable as is, but may
contain ideas that *can* be used in some other form....

++Brandon
--
Brandon S. Allbery, comp.sources.misc moderator and one admin of ncoast PA UN*X
uunet!hal.cwru.edu!ncoast!allbery  ncoast!allbery@hal.cwru.edu
allberyb@skybridge.sdi.cwru.edu  allbery@uunet.uu.net
comp.sources.misc is moving off ncoast -- please do NOT send submissions direct
Send comp.sources.misc submissions to comp-sources-misc@.