Bug 78223 - Milters should not run with root privileges
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: sendmail
Version: 8.0
Hardware: All, OS: Linux
Priority: medium, Severity: medium
Assigned To: Florian La Roche
QA Contact: David Lawrence
Keywords: Security

Reported: 2002-11-20 06:03 EST by Petr Krištof
Modified: 2007-04-18 12:48 EDT (History)
Doc Type: Bug Fix
Last Closed: 2003-01-12 06:31:13 EST


Description Petr Krištof 2002-11-20 06:03:29 EST
It is better to compile sendmail so that it does not allow milters
to run with root privileges.

I suggest adding -D_FFR_MILTER_ROOT_UNSAFE.

Cut from libmilter/README:
Note: we strongly recommend not to run any milter as root.  Libmilter
does not need root access to communicate with sendmail.  It is a
good security practice to run a program only with root privileges
if really necessary.  A milter should probably check first whether
it runs as root and refuse to start in that case.  There is a
compile time option _FFR_MILTER_ROOT_UNSAFE which keeps libmilter
from unlinking a socket when running as root.  It is recommended
to turn on this option:

APPENDDEF(`conf_libmilter_ENVDEF', `-D_FFR_MILTER_ROOT_UNSAFE ')
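
The README excerpt above says a milter should check whether it runs as root and refuse to start. One way to write that check in C, combined with an ownership test before a stale socket is removed, follows as an added example; it is not code from libmilter or from this bug report, and the function names, the enum and the socket path are assumptions.

```c
#define _POSIX_C_SOURCE 200809L /* for lstat() and S_ISSOCK */
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Added example, not libmilter code; all names here are hypothetical. */
enum guard { GUARD_OK, GUARD_ROOT, GUARD_NOT_SOCKET, GUARD_FOREIGN_OWNER, GUARD_STAT_ERROR };

/* Refuse if either the real or the effective uid is root. */
static enum guard check_not_root(uid_t ruid, uid_t euid)
{
    return (ruid == 0 || euid == 0) ? GUARD_ROOT : GUARD_OK;
}

/* Decide whether a stale socket at `path` may be removed by `euid`.
 * lstat() is used so a symlink planted at the path is never followed. */
static enum guard check_stale_socket(const char *path, uid_t euid)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return errno == ENOENT ? GUARD_OK : GUARD_STAT_ERROR;
    if (!S_ISSOCK(st.st_mode))
        return GUARD_NOT_SOCKET;      /* regular file, directory, symlink... */
    if (st.st_uid != euid)
        return GUARD_FOREIGN_OWNER;   /* someone else created it */
    return GUARD_OK;
}

/* Run both checks before the socket path is handed to the milter library. */
static enum guard milter_startup_guard(const char *path, uid_t ruid, uid_t euid)
{
    enum guard g = check_not_root(ruid, euid);
    return g != GUARD_OK ? g : check_stale_socket(path, euid);
}

int main(void)
{
    const char *path = "/var/run/example-milter.sock"; /* constructed path */
    enum guard g = milter_startup_guard(path, getuid(), geteuid());
    if (g != GUARD_OK) {
        fprintf(stderr, "refusing to start (reason %d)\n", (int)g);
        return 1;
    }
    puts("privilege checks passed");
    return 0;
}
```

The lstat() check and a later unlink are not atomic, so the socket should live in a directory that only the milter's own user can write to.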
Comment 1 Florian La Roche 2003-01-12 06:31:13 EST
added to sendmail-8.12.7-3 or newer

thanks,

Florian La Roche
