this is possibly true when you have users on the box that you don't trust.
If you are configureing a sealed mailserver or firewall this is a very
reasonable way to go as it allows sendmail to run as another user entirely
without making kernel changes. As for the case where you do have hostile
users, they still need to find a way to crash sendmail before putting in
their replacement (and learning what port to put it on, all other machines
think they are talking to port 25)
David Lang
On Sat, 17 Oct 1998, Olaf Titz wrote:
> Date: Sat, 17 Oct 1998 20:20:53 +0200
> From: Olaf Titz <olaf@bigred.inka.de>
> To: linux-kernel@vger.rutgers.edu
> Subject: Re: setting access rights to priviledged ports
>
> > >ipfwadm -I -a accept -r 10025 -p tcp -S 0.0.0.0/0 -D (youtIP)/32 25
> > >
> > >set sendmail to use port 10025 and you are done.
>
> Not good. Everyone can bind to that high port, so when sendmail is not
> running, any luser could set up his own and steal peoples' mail.
>
> olaf
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/
>
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQEVAwUBNimAXT7msCGEppcbAQGibQgAkzrCJfHOCXAhIB+ty/dSgyKTpyLHb32p
eTRyiUq9yHAPyNCOsU6h7wVfbtIYbh3TMW92WPiFEPgLdlyRWjCfPxE19w9eL6ob
PcfrZxL3rpuPpdExO8I9Hhv7aU0EtijpsujwErdgV4S21G5u7EAX3yOHiwTbflvx
lTggxDNc7n5cvXVEYh6qWkbB/J965QS2MkGtPS56u5PzxhOf/j9UK5ftk9AUV5rB
aqRxFqWMkpXXwsIdUcZ5B8j/0esQVzrRARTFs7txr8qI+xEecd+PPLmdHf9oqltC
lEO+4D+fBe6VGj3iEyjH31CMssZWR5Qq6EIbQb/jvnpclr2tKXg7AQ==
=ZhoA
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/