SafeFileEnvironment

Previous page
Table of content
Next page
SafeFileEnvironment
Directory for safe file writes V8.7 and later

For security it is desirable to control the manner and circumstances under which messages are delivered to files. Beginning with V8.7 sendmail you can enhance the security of writing to files with the SafeFileEnvironment option. It is used like this: 

 O SafeFileEnvironment=  path    configuration file (V8.7 and later)  -OSafeFileEnvironment=  path    command line (V8.7 and later)  define(`confSAFE_FILE_ENV',  path)    mc configuration (V8.7 and later)

The path is of type string and, if present, must be the full pathname of a directory. The default, if either path or the entire option is missing, is NULL, causing this feature to be ignored.

When preparing to save a message to a file, sendmail first obtains the permissions of that file, if the file exists, and saves them (Section 12.2.2). The sendmail program uses lstat (2) to obtain those permissions if it was compiled with HASLSTAT defined (HAS...). Otherwise, it uses stat (2).

If the path for this option is non-NULL and nonempty , sendmail then precedes that chroot (2) with a: 

 chroot(  path  )

If the chroot (2) fails, sendmail prints the following error and bounces the mail message: 

 mailfile: Cannot chroot(  path  )

If the name of the file begins with path , that prefix is stripped after the chroot (2) and before the fopen (3).

For example, consider the need to safely store all mail archive files on the mail hub in a directory called /archives . You would first create this configuration declaration: 

 O SafeFileEnvironment=/archives

Then every file archive notation in the aliases database should be changed to reference this base directory: [59]

[59] This is not strictly necessary. Both /archives/admin/log and /admin/log will work equally well. The former, however, is preferred for clarity. 

 adminlist:   :include:/usr/local/maillists/admin.list,              /archives/admin/log

For safety, sendmail will henceforth chroot (2) into the /archives directory before delivering to any files. Note that this SafeFileEnvironment option affects all writes to files, so a user 's ~/.forward entry (such as the following) will become relative to /archives and so might fail depending on your specific setup: 

 /u/bill/tmp/incoming   written as /archives/u/bill/tmp/incoming

The SafeFileEnvironment option also causes sendmail to verify that the file that is being written to is a plain file. If it is anything else, sendmail prints the following error and bounces the messages: 

 /dev/tty... Can't create output: Error 0

Here, an attempt to dump the message to /dev/tty failed because sendmail discovered it was a device rather than an ordinary file. But note that beginning with V8.8, it is always legal to write to the special device named /dev/null .

The SafeFileEnvironment option is not safe. If specified from the command line, it can cause sendmail to relinquish its special privileges.


Previous page
Table of content
Next page
Sendmail
sendmail, 4th Edition
ISBN: 0596510292
EAN: 2147483647
Year: 2002
Pages: 1174
Authors: Bryan Costales, Claus Assmann, George Jansen, Gregory Neil Shapiro
BUY ON AMAZON
Certified Ethical Hacker Exam Prep
Software Configuration Management
Java How to Program (6th Edition) (How to Program (Deitel))
C & Data Structures (Charles River Media Computer Engineering)
An Introduction to Design Patterns in C++ with Qt 4
After Effects and Photoshop: Animation and Production Effects for DV and Film, Second Edition
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy