| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <hin9q6$hvk$1@taverner.cs.berkeley.edu> Date: Thu, 14 Jan 2010 14:30:30 +0000 (UTC) From: daw@...berkeley.edu (David Wagner) To: linux-kernel@...r.kernel.org Subject: Re: [PATCH 2/3] Security: Implement disablenetwork semantics. (v4) Pavel Machek wrote: >> On Tue, 12 Jan 2010 08:59:27 +0100, Pavel Machek said: >> > Well, maybe, but mailer system where first user starts is as a daemon >> > makes sense... >> >> Does it? How do you get port 25 open for listening if the first user isn't >> root? Most *actual* schemes to "launch at first use" that require privs for >> something have used inetd or similar - that program exists for a >> *reason*. > >Remember sendmail is setuid root... so it already has the permissions. sendmail hasn't been setuid root on my system for (what feels like) a long time; rather, it is setgid to a special group. $ ls -l /usr/sbin/sendmail.sendmail -rwxr-sr-x 1 root smmsp 841528 2008-03-29 05:27 /usr/sbin/sendmail.sendmail* -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists