Subject: OK, so how do we slam shut this sendmail problem once and for all?
To: None <current-users@NetBSD.ORG>
From: John Kohl <firstname.lastname@example.org>
Date: 08/30/1995 21:44:01
I'm getting tired of new-and-different sendmail holes arriving every so
How difficult would it be to make sendmail run as an unprivileged user?
Give it rights to deliver mail locally (through a privileged delivery
agent which can be many fewer lines of code and easier to audit), throw
it in a chroot-ed environment, and don't let it out of its cage.
That should reduce the potential exposure to just destroying/stealing
local mailboxes. Can folks live without .forward files piping mail to
an agent and/or other random-execution paths?