The Configuration File

A number of security problems can be created by commands given carelessly in the configuration file. Such problems can be serious because sendmail starts to run as root, provided that it has not been given an unsafe command-line switch (such as -C; see -C) or an unsafe option (Section 24.2.4). It can continue as root until it delivers mail, whereupon it generally changes its identity to that of an ordinary user. When sendmail reads its configuration file, it can do so while it is still root. Consequently, as we will illustrate, when sendmail is improperly configured, it might be able to read and overwrite any file.

The F Command—File Form

The file form of the F configuration command (Section 22.1.2) can be used to read sensitive information. That command looks like this in the configuration file:

FX/path pat

This form is used to read class macro entries from files. It can cause problems through a misunderstanding of the scanf(3) pattern pat. The /path is the name of the file, and the optional pat is a pattern to be used by scanf(3) (Section 22.1.2.1).

To illustrate the risk of the pat, consider the following configuration file entry:

Fw/etc/myhostnames %[^#]

Normally, the F command reads only the first whitespace-delimited word from each line of the file. But if the optional pattern pat is specified, the F command instead reads one or more words from each line based on the nature of the pattern. The pattern is used by scanf(3) to extract words, and the specific ...

Get Sendmail, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.