current-users: Re: localhost security hole

Subject: Re: localhost security hole
To: Martin Husemann <martin@duskware.de>
From: Andrew Brown <atatat@atatdot.net>
List: current-users
Date: 06/29/2003 19:52:42

>> sendmail knows to deliver to "localhost".
>
>If this involves any kind of network address lookup, something is broken
>(IMHO). The whole scenario sounds very, very suboptimal. How many daemons and
>queues are involved, before a mail to "root" makes it to /var/mail/root?

iirc, local sendmail collection process stuffs into clientmqueue, and
then attempts delivery to smtp on localhost, where the sendmail daemon
stuffs it into mqueue and accepts it, then to run mail.local to put it
into root's inbox.  that's a total of two queues, and three programs.
the local collection program is going to look at the name "localhost",
as specified in the submit.cf file: "D{MTAHost}[127.0.0.1]".  the
sendmail daemon process is also going to examine alias databases and
forward files.

postfix, otoh, has a binary called sendmail that accepts local mail
and then invokes postdrop, which puts the message into the maildrop
directory, whence a pickup daemon retrieves it and passes it over to
to the cleanup daemon who stores it in the incoming queue.  at that
point a local daemon, the queue manager, moves it to the active queue
and then invokes the local delivery agent, who does final delivery
into root's inbox.  that's six programs and three queues.  the cleanup
daemon consults a few maps, and the queue manager does as well.  as i
understand it, the local delivery process deals with aliasing and
forwards, though i'm not pretending to be as conversant with postfix
as i am with sendmail.  i think, though, that i know enough to be
dangerous.  :)

they both work just fine, regardless of how the separation of
privileges is controlled, but they both require something to be
running at the middle of all of it.

>What about changing the default /etc/mailerconfig to only run mail.local?

!?

>(duck)

goose!

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
werdna@squooshy.com       * "information is power -- share the wealth."