On Mon, 25 Nov 1996, Neal Becker wrote:
> Sendmail is often run in daemon mode so that it can "listen" for
> incoming mail connections on the standard SMTP networking port, usually
> port 25. The root user is the only user allowed to start sendmail this
> way, and sendmail contains code intended to enforce this restriction.
Exim does not at present contain this restriction (neither does smail).
Of course, when your system is running normally, the daemon is listening
on port 25 and anyone trying to start another daemon fails. However, I
suppose it is theoretically possible that a user might cause damage by
starting a daemon when for some reason the management doesn't want one
started. Consequently I intend to change Exim so that only an admin user
can start a daemon.
> Unfortunately, due to a coding error, sendmail can be invoked in daemon
> mode in a way that bypasses the built-in check. When the check is
> bypassed, any local user is able to start sendmail in daemon mode. In
> addition, as of version 8.7, sendmail will restart itself when it
> receives a SIGHUP signal. It does this restarting operation by
> re-executing itself using the exec(2) system call. Re-executing is done
> as the root user. By manipulating the sendmail environment, the user can
> then have sendmail execute an arbitrary program with root privileges.
I'm not sure what is meant there by "By manipulating the sendmail
environment". Is it that sendmail reads data from environment variables?
Exim does not do this. The only thing it reads is its configuration
file, whose name is screwed into the code.
--
Philip Hazel University Computing Service,
ph10@??? New Museums Site, Cambridge CB2 3QG,
P.Hazel@??? England. Phone: +44 1223 334714
