Sendmail can be safely restricted to a non-root environment when local delivery is not used by setting the following variable:
Configuration files and queues must be adjusted accordingly. Local delivery can still be performed if the Local Delivery Agent (like Procmail or Maildrop) is setuid (and, more importantly, is meant to be executed that way; the mere setuid flag is not enough and applying it blindly is the mother of all *NIX local exploits).
Otherwise, for safe local delivery, you need a root process and a setgid binary. Using root in this case actually increases security since it allows the mail server to drop privileges and parse forward (user-configured forward to an email address or program) files as the target user, which is the safest way to do it.
So you have the choice of shifting the privilege elevation (or privilege dropping from root to other users) from a setuid Local Delivery Agent invoked by an unprivileged MTA to a root setgid MTA. The setgid bit we mention is used for allowing local users to write on the local queue when sending to other local users.
Note that when delivering to a program, you can restrict the execution path. You can configure Sendmail to use its own restricted shell, called smrsh, which applies restrictions to the acceptable commands and avoids common shell attacks. Refer to the smrsh man page for usage. It can be enabled as a feature with the following directive:
You can also configure Postfix's local delivery to use a restricted shell with the local command shell variable.
Was this article helpful?
Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.