sendmail 8.8.3 and DefaultUser and RunAsUser

[mikedoug () texas net (Michael Douglass)]

Question on sendmail 8.8.3 (and probably 8.8.[12]):

If you set:
DefaultUser to 99:6
RunAsUser to 99

Sure, sendmail does this... But it does *NOT* reset the group list!!!
> From Solaris 2.5.1 you can see the process credentials using
/usr/proc/pcreds.  Anyone?

(root) # ps -aef |fgrep sendmail
smtpuser  3200  3199  0 13:53:17 ?        0:00 /usr/lib/sendmail -bd -q1h
    root  3199     1  0 13:53:16 ?        0:00 /usr/lib/sendmail -bd -q1h

(root) # /usr/proc/bin/pcred 3200
3200:   e/r/suid=99  e/r/sgid=6
        groups: 1 0 2 3 4 5 6 7 8 9 12

(root) # /usr/proc/bin/pcred 3200
3199:   e/r/suid=0  egid=6 rgid=1 sgid=6
        groups: 1 0 2 3 4 5 6 7 8 9 12

This one is not too terribly important; it listens on the socket; when it
gets a connection it does the setuid/gid and handles the connection.  But
the group list remains the same and that should not (IMHO) occur in that
manner.

Comments?

Michael Douglass
Texas Networking, Inc.

 "Love does not consist in gazing at each other but in looking together in
  the same direction."
      Antoine de Saint-Exupery: Wind, Sand, and Stars, ch. 8 (1939).