Don’t Blame sendmail

In DontBlameSendmail on page 1009, we describe the DontBlameSendmail option, which can be used to allow looser permissions. We mention this option here because its misuse can lead to a weakening of security.

Consider a site where you use group permissions to allow system administrators to edit :include: files, rather than allowing them to do so by becoming root. Note that these mailing lists include archive files—that is, entries that append messages to archive files.

Unless you tell sendmail otherwise, it will refuse to run programs listed in such group-writable :include: files, and also refuse to append to any files listed in such :include: files (append to archive files). Every time mail is sent to such a mailing list, sendmail will log the following warning:

/path: group writable :include: file, marked unsafe

You can prevent this warning and allow running of disallowed programs and appending to disallowed files by declaring the DontBlameSendmail option in your mc configuration file:

define(`confDONT_BLAME_SENDMAIL', `GroupWritableIncludeFileSafe')

This declaration tells sendmail that you consider it safe to append to archive files from inside :include: files, even when the :include: file is group-writable. The result is that you have streamlined your department’s operation, but you have done so at the price of security.

The sendmail program is paranoid about group-writable permissions because such permissions open the door to intrusion by insiders. Group permissions ...

Get sendmail, 4th Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.