We recommend:
O SafeFileEnvironment=/path ← configuration file
define(`confSAFE_FILE_ENV', `/path') ← mc configuration
This takes care of both security enhancements. Of course, you will need to create the
directory specified in /path and populate it with the appropriate files.
Note that, just before appending to a file, sendmail does a chroot(2) into /path. As
a consequence, an entry such as the following requires that the full path exist,
such as /path/admin/mail:
bob: \bob, /admin/mail/bob.archive
But sendmail is also clever: if an aliases path begins with the same path as the
SafeFileEnvironment path, that latter path is removed before the write:
bob: \bob, /path/admin/mail/bob.archive
Here, because the SafeFileEnvironment option specifies /path, sendmail will perform
the chroot(2) into /path, then will strip /path from the aliases file entry to form
/admin/mail.
If all you want to do is prevent writing to directories and devices, and if you do not
want to place all files in a special path, you can accomplish this by defining /path as
the root directory:
O SafeFileEnvironment=/
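The path handling described above can be checked before deployment. The following is an added example, not code from sendmail or from the original text: it takes a SafeFileEnvironment value and aliases lines, and reports the path sendmail would open inside the chroot and the real directory that must exist. The function names are hypothetical, and comparing the prefix on whole path components is an assumption of this sketch.

```python
import posixpath

def chroot_view(safe_env, target):
    """Path opened after chroot(2) into safe_env (prefix stripped if present).

    Assumption of this example: the prefix is compared on whole path
    components, so /pathology is not treated as lying under /path.
    """
    safe = posixpath.normpath(safe_env)
    tgt = posixpath.normpath(target)
    if safe != "/" and (tgt == safe or tgt.startswith(safe + "/")):
        tgt = tgt[len(safe):] or "/"
    return tgt

def on_disk(safe_env, target):
    """Where the file really lives, seen from outside the chroot."""
    safe = posixpath.normpath(safe_env)
    return posixpath.join(safe, chroot_view(safe_env, target).lstrip("/"))

def file_targets(alias_line):
    """Yield (alias, path) for each file-delivery target in one aliases line."""
    name, _, rhs = alias_line.partition(":")
    for item in rhs.split(","):
        item = item.strip()
        if item.startswith("/"):  # files start with /; users, |prog, :include: do not
            yield name.strip(), item

def audit(safe_env, alias_lines):
    """Return (alias, as written, inside chroot, directory that must exist)."""
    rows = []
    for line in alias_lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        for alias, target in file_targets(line):
            real = on_disk(safe_env, target)
            rows.append((alias, target, chroot_view(safe_env, target),
                         posixpath.dirname(real)))
    return rows

# Sample input: the two aliases entries shown in the text.
SAMPLE = [
    r"bob: \bob, /admin/mail/bob.archive",
    r"bob: \bob, /path/admin/mail/bob.archive",
]

if __name__ == "__main__":
    for safe in ("/path", "/"):
        print("SafeFileEnvironment=" + safe)
        for alias, written, inside, need in audit(safe, SAMPLE):
            print(f"  {alias}: {written} -> opens {inside}, needs {need}")
```

With SafeFileEnvironment=/path both entries resolve to the same file on disk; with SafeFileEnvironment=/ nothing is stripped and the paths are used as written.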
4.8.2.9 The TempFileMode and QueueFileMode options
The TempFileMode option (§24.9.118 on page 1097) specifies the mode (file permissions)
to give all temporary files and queue files. Beginning with V8.12, the
QueueFileMode option (§24.