USENIX Conference Policies
Sendmail Without the Superuser
Mark E. Carson, IBM Corporation
As an exercise in the application of the concept of least privilege, we have modified the pieces of an ordinary UNIX* mail system, sendmail in particular, to require little or no privilege in their operation. No mail code runs with root or system IDs. In fact, the simplest configuration (local-only mail, with or without mandatory access controls) can run with no privilege or special access rights whatsoever, while even the most complex (multilevel network mail) can be done with minimal privilege requirements. While such modifications cannot guarantee the absence of security holes in mail, they should greatly limit their possible scope.
BibTeX
@inproceedings {260254,
author = {Mark E. Carson},
title = {Sendmail Without the Superuser},
booktitle = {4th UNIX Security Symposium (UNIX Security 93)},
year = {1993},
address = {Santa Clara, CA },
url = {https://www.usenix.org/conference/4th-unix-security-symposium/sendmail-without-superuser},
publisher = {USENIX Association},
month = oct
}
author = {Mark E. Carson},
title = {Sendmail Without the Superuser},
booktitle = {4th UNIX Security Symposium (UNIX Security 93)},
year = {1993},
address = {Santa Clara, CA },
url = {https://www.usenix.org/conference/4th-unix-security-symposium/sendmail-without-superuser},
publisher = {USENIX Association},
month = oct
}