7 sendmail, you can enhance the security of writing
to files with the SafeFileEnvironment option. It is used like this:
O SafeFileEnvironment=path ?†? configuration file (V8.7 and later)
-OSafeFileEnvironment=path ?†? command line (V8.7 and later)
define(`confSAFE_FILE_ENV??,path) ?†? mc configuration (V8.7 and later)
The path is of type string and, if present, must be the full pathname of a directory. The
default, if either path or the entire option is missing, is NULL, causing this feature to be
ignored.
When preparing to save a message to a file, sendmail first obtains the permissions of that
file, if the file exists, and saves them (?§12.2.2 on page 466). The sendmail program uses
lstat(2) to obtain those permissions if it was compiled with HASLSTAT defined (?§3.4.12 on
page 114). Otherwise, it uses stat(2).
If the path for this option is non-NULL and nonempty, sendmail then precedes that
chroot(2) with a:
chroot(path)
* Through careful tuning and attention to details, you might be able to get a serviceable sendmail system to
run non-root. Others have done this, but details are not available as of this writing.
This is the Title of the Book, eMatter Edition
Copyright ?© 2007 O??™Reilly & Associates, Inc. All rights reserved.
24.9 Alphabetized Options | 1085
If the chroot(2) fails, sendmail prints the following error and bounces the mail message:
mailfile: Cannot chroot(path)
If the name of the file begins with path, that prefix is stripped after the chroot(2) and before
the fopen(3).
Pages:
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951