Sendmail, 3rd Edition by Bryan Costales

Synopsis

To perform most kinds of delivery in a safe manner, sendmail must be able to change its root identity to that of another user, deliver as that user, and then restore its identity to root. The preferred method for doing this is with the V1 POSIX seteuid(2) routine. To determine whether your system correctly supports this routine, compile and run the program test/t_seteuid.c. The compiled binary must be suid-root and must be executed by an ordinary user:

# cc t_seteuid.c
# chmod u+s a.out
# suspend
% ./a.out
... lots of output here
This system cannot use seteuid

Here the output shows failure, so you do not have seteuid(2) support. Beginning with V8.8, a.out prints the following on success:

It is safe to define USESETEUID on this system

If the output had not shown failure or had shown success (if you had usable seteuid(2) support), you could take advantage of that support by defining USESETEUID in sendmail/conf.h (or include/sm/conf.h for V8.12 and above). In general, USESETEUID is correctly defined for all systems that can take advantage of this seteuid support.

If seteuid(2) failed, you need to investigate using setreuid(2) instead:

# cc t_setreuid.c
# chmod u+s a.out
# suspend
% ./a.out initial uids (should be 678/0): r/euid=678/0 after setreuid(0, 1) (should be 0/1): r/euid=0/1 after setreuid(-1, 0) (should be 0/0): r/euid=0/0 after setreuid(realuid, 0) (should be 678/0): r/euid=678/0 after setreuid(0, 2) (should be 0/2): r/euid=0/2 after setreuid(-1, 0) (should ...