Re: reporting local security problems (was: for WinNT)

[Claus Assmann <ca+bugtraq () ZARDOC ENDMAIL ORG>]

On Fri, Aug 11, 2000, der Mouse wrote:

> Unfortunately it also finds non-problems too.  I have a system on which
> the directories in the path leading to the aliases files are
> group-writeable, by design.  (The system has all of two users, both of
> whom are trusted.)  Sendmail kvetches about this every time I run
> newaliases - I consider it broken for it to arrogate to itself the
> right to tell me how my system should be set up, or that something like
> this is a problem, and if it refused to run, or if it complained more
> often or more verbosely, I would fix it (or, perhaps, switch).

sendmail allows you to override most of it's safety checks.
See doc/op/op.{me,ps}, look for
      DontBlameSendmail=option,option,...
                    DontWarnForwardFileInUnsafeDirPath
                    ForwardFileInUnsafeDirPath
                    ForwardFileInUnsafeDirPathSafe
                    ForwardFileIngroupWritableDirPath
                    GroupWritableForwardFileSafe
and many more...

sendmail just has been blamed too often for misconfigured systems
("My /etc is world writable and now someone got root access using
sendmail") that's why all of these checks are in there.