From: Michal Zalewski (lcamtuf coredump.cx)
Date: Thu Jul 04 2002 - 13:22:55 CDT
On Thu, 4 Jul 2002, Amanda Jones wrote:
> If your firewall can do port forwarding then you can easily do this
> yourself for most services. Just have the firewall forward port 25 to
> say 2025 and let sendmail run on 2025.
Yes, but your MTA process most likely still needs root privileges to
expand certain aliases, read .forward files, perhaps access user-owned
maildirs / mailboxes.
If your MTA is modular, at best you can run the listener part as a non-root
user, but it isn't the most vulnerable piece of code anyway - message
parsing, address expansion, actual delivery are the most risky operations.
--
_____________________________________________________
Michal Zalewski [lcamtufbos.bindview.com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
http://lcamtuf.coredump.cx/photo/
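
An added illustration, not part of the original post and not taken from any MTA's source, of why the delivery side keeps needing root even when the listener does not: to read a recipient's .forward with that user's rights, the agent must take on the recipient's effective uid/gid, which only euid 0 can do for arbitrary users. The function name, the ownership and mode check, and the sample address are assumptions of this example.

```python
import os
import tempfile

def read_forward_as(uid, gid, home):
    """Return the addresses in <home>/.forward, read with the recipient's ids.

    Hypothetical helper for illustration. Supplementary groups are left
    unchanged here; a real delivery agent would also set them
    (os.initgroups) before touching user-owned files.
    """
    saved_uid, saved_gid = os.geteuid(), os.getegid()
    # An unprivileged process can only "become" the ids it already has.
    if saved_uid != 0 and (uid, gid) != (saved_uid, saved_gid):
        raise PermissionError("not root: cannot assume uid %d" % uid)
    os.setegid(gid)   # group first, while we are still allowed to change it
    os.seteuid(uid)
    try:
        path = os.path.join(home, ".forward")
        # O_NOFOLLOW: refuse a .forward that is a symlink to another file.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
        with os.fdopen(fd) as fh:
            st = os.fstat(fh.fileno())
            # Assumed policy: honor only the recipient's own file, and only
            # if nobody else (group/other) can write to it.
            if st.st_uid != uid or st.st_mode & 0o022:
                return []
            return [line.strip() for line in fh if line.strip()]
    except OSError:
        return []     # missing, unreadable or symlinked: no forwarding
    finally:
        os.seteuid(saved_uid)   # regain the saved identity first
        os.setegid(saved_gid)

if __name__ == "__main__":
    # Constructed sample: a temporary "home" owned by the current user.
    home = tempfile.mkdtemp()
    fwd = os.path.join(home, ".forward")
    with open(fwd, "w") as fh:
        fh.write("alice@example.org\n")
    os.chmod(fwd, 0o600)
    print(read_forward_as(os.geteuid(), os.getegid(), home))
    try:
        read_forward_as(os.geteuid() + 1, os.getegid(), home)
    except PermissionError as exc:
        print("refused:", exc)
```

Run as an ordinary user, the second call is refused before any file is touched, which is the root dependency the reply describes.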