The Configuration File
A number of security problems can be created by commands given
carelessly in the configuration file. Such problems can be serious
because sendmail starts to run as
root, provided that it has not been given an
unsafe command-line switch (such as -C
; see -C) or an unsafe option (Section 24.2.4). It can continue as root
until it delivers mail, whereupon it generally changes its identity
to that of an ordinary user. When sendmail reads
its configuration file, it can do so while it is still
root. Consequently, as we will illustrate, when
sendmail is improperly configured, it might be
able to read and overwrite any file.
The F Command—File Form
The file form of the
F
configuration command (Section 22.1.2) can be used to read sensitive information.
That command looks like this in the configuration file:
FX/path pat
This form is used to read class macro entries from files. It can
cause problems through a misunderstanding of the
scanf(3) pattern pat
.
The /path
is the name of the file, and the
optional pat
is a pattern to be used by
scanf(3) (Section 22.1.2.1).
To illustrate the risk of the pat
,
consider the following configuration file entry:
Fw/etc/myhostnames %[^#]
Normally, the F
command reads only the first
whitespace-delimited word from each line of the file. But if the
optional pattern pat
is specified, the
F
command instead reads one or more words from
each line based on the nature of the pattern. The pattern is used by
scanf(3) to extract words, and the specific ...
Get Sendmail, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.