Re: [PATCH 2/3] Security: Implement disablenetwork semantics. (v4)

From: David Wagner
Date: Thu Jan 14 2010 - 09:30:54 EST

Next message: Martin Schwidefsky: "[GIT PULL] s390 patches for 2.6.33-rc4"
Previous message: Arnaldo Carvalho de Melo: "[PATCH 1/2] perf tools: Don't cast RIP to pointers"
In reply to: Pavel Machek: "Re: [PATCH 2/3] Security: Implement disablenetwork semantics. (v4)"
Next in thread: Kyle Moffett: "Re: [PATCH 2/3] Security: Implement disablenetwork semantics. (v4)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Pavel Machek wrote:
>> On Tue, 12 Jan 2010 08:59:27 +0100, Pavel Machek said:
>> > Well, maybe, but mailer system where first user starts is as a daemon
>> > makes sense...
>>
>> Does it? How do you get port 25 open for listening if the first user isn't
>> root? Most *actual* schemes to "launch at first use" that require privs for
>> something have used inetd or similar - that program exists for a
>> *reason*.
>
>Remember sendmail is setuid root... so it already has the permissions.

sendmail hasn't been setuid root on my system for (what feels like)
a long time; rather, it is setgid to a special group.

$ ls -l /usr/sbin/sendmail.sendmail
-rwxr-sr-x 1 root smmsp 841528 2008-03-29 05:27 /usr/sbin/sendmail.sendmail*
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Martin Schwidefsky: "[GIT PULL] s390 patches for 2.6.33-rc4"
Previous message: Arnaldo Carvalho de Melo: "[PATCH 1/2] perf tools: Don't cast RIP to pointers"
In reply to: Pavel Machek: "Re: [PATCH 2/3] Security: Implement disablenetwork semantics. (v4)"
Next in thread: Kyle Moffett: "Re: [PATCH 2/3] Security: Implement disablenetwork semantics. (v4)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]