qmail-lspawn is the one and only setuid root program in the entire suite
It does exactly two things:
Change its identity to the recipient user
What if someone runs qmail-lspawn manually?
Nothing; they could get the same effect by sending email to some user
In contrast, all of sendmail's giant, bloated, festering self runs as root
If there is a bug in sendmail, an attacker can often get root privilege
|Next||Copyright © 2004 M. J. Dominus|