USESETEUID
Support seteuid(2) identity changes Port, edit sendmail/conf.h
To perform most kinds of delivery in a safe manner, sendmail must be able to change its root identity to that of another user, deliver as that user, and then restore its identity to root. The preferred method for doing this is with the V1 POSIX seteuid(2) routine. To determine whether your system correctly supports this routine, compile and run the program test/t_seteuid.c. The compiled binary must be suid-root and must be executed by an ordinary user:
#cc t_seteuid.c
#chmod u+s a.out
#suspend
%./a.out
... lots of output here This system cannot use seteuid
Here the output shows failure, so you do not have seteuid(2) support. Beginning with V8.8, a.out prints the following on success:
It is safe to define USESETEUID on this system
If the output had not shown failure or had shown success (if you had usable seteuid(2) support), you could take advantage of that support by defining USESETEUID in sendmail/conf.h (or include/sm/conf.h for V8.12 and above). In general, USESETEUID is correctly defined for all systems that can take advantage of this seteuid support.
If seteuid(2) failed, you need to investigate using setreuid(2) instead:
#cc t_setreuid.c
#chmod u+s a.out
#suspend
%./a.out
initial uids (should be 678/0): r/euid=678/0 after setreuid(0, 1) (should be 0/1): r/euid=0/1 after setreuid(-1, 0) (should be 0/0): r/euid=0/0 after setreuid(realuid, 0) (should be 678/0): r/euid=678/0 after setreuid(0, 2) (should ...
Get sendmail, 4th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.