Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 78223 - Milters should not run with root privilegies
Summary: Milters should not run with root privilegies
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: sendmail
Version: 8.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Florian La Roche
QA Contact: David Lawrence
Depends On:
TreeView+ depends on / blocked
Reported: 2002-11-20 11:03 UTC by Petr Krištof
Modified: 2007-04-18 16:48 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2003-01-12 11:31:13 UTC

Attachments (Terms of Use)

Description Petr Krištof 2002-11-20 11:03:29 UTC
It is better to compile sendmail to do not allow run milters
with root privilegies.

Im suggest to add -D_FFR_MILTER_ROOT_UNSAFE.

Cut from libmilter/README:
Note: we strongly recommend not to run any milter as root.  Libmilter
does not need root access to communicate with sendmail.  It is a
good security practice to run a program only with root privileges
if really necessary.  A milter should probably check first whether
it runs as root and refuse to start in that case.  There is a
compile time option _FFR_MILTER_ROOT_UNSAFE which keeps libmilter
from unlinking a socket when running as root.  It is recommended
to turn on this option:


Comment 1 Florian La Roche 2003-01-12 11:31:13 UTC
added to sendmail-8.12.7-3 or newer


Florian La Roche

Note You need to log in before you can comment on or make changes to this bug.