Sendmail 8.9.3 Release Notes

New and Changed Features
New Features
DontBlameSendmail
This option enforces security checks on the modes of the files that
sendmail operates on (reads or writes). For example, by default
sendmail refuses to read most files that are group writable, on the
grounds that they might have been tampered with by someone other
than the owner. It will even refuse to read files in group-writable
directories if the above option is set. However, a user who is sure that
the configuration is safe and wants sendmail to skip the security
checks can do so by unsetting the above option.
The default value of this option is "safe", under which sendmail checks
the modes and permissions of all the files that it operates on. This
default is hard coded in the binaries. If the value is not reset in
sendmail.cf with any of the values mentioned below, sendmail checks the
modes and permissions of the files it accesses, even if the option is
commented out in the sendmail.cf file. Values set in the sendmail.cf
file take precedence over the hard-coded default "safe" value.
This option is set using:
O DontBlameSendmail=option1, option2 ......
The values with which this option can be set are listed below.
Depending on the value(s) with which the option is set, sendmail
performs those security checks while avoiding all others.
More than one of the values listed below can be set at once. The
values must be separated with commas, as shown below:
O DontBlameSendmail=AssumeSafeChown,ClassFileInUnsafeDirPath
The values and their functions are listed below.
Table 1-2
Value                       Description
Safe                        Allow the files only in safe directories.
AssumeSafeChown             Assumes that the "chown" system call is restricted to root.
ClassFileInUnsafeDirPath    Allow class files that are in unsafe directories.
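The following audit sketch is an added example, not part of the release notes or of sendmail itself. It lists the non-"safe" DontBlameSendmail values set in a sendmail.cf and reports group-writable files and directories of the kind the default check described above refuses. The function names, the sample configuration text and the `stop` parameter are assumptions made for illustration, and the permission test only approximates sendmail's own checks.

```python
import os
import stat

# Constructed sample sendmail.cf fragment (not taken from a real system).
SAMPLE_CF = """\
# security options
#O DontBlameSendmail=safe
O DontBlameSendmail=AssumeSafeChown,ClassFileInUnsafeDirPath
"""

def relaxed_checks(cf_text):
    """Return the DontBlameSendmail values other than "safe" set in cf_text."""
    values = []
    for line in cf_text.splitlines():
        # Option lines are written "O Name=value"; lines starting "#" are comments.
        if not line.startswith("O") or not line[1:2].isspace():
            continue
        name, _, value = line[1:].strip().partition("=")
        if name.strip().lower() != "dontblamesendmail":
            continue
        for item in value.split(","):
            item = item.strip()
            if item and item.lower() != "safe":
                values.append(item)
    return values

def group_writable_components(path, stop="/"):
    """Return path and each ancestor directory up to stop that is group writable."""
    found = []
    cur = os.path.abspath(path)
    stop = os.path.abspath(stop)
    while True:
        if os.stat(cur).st_mode & stat.S_IWGRP:
            found.append(cur)
        parent = os.path.dirname(cur)
        if cur == stop or parent == cur:
            break
        cur = parent
    return found

if __name__ == "__main__":
    for value in relaxed_checks(SAMPLE_CF):
        print("relaxed check:", value)
    # /etc/mail/sendmail.cf is an assumed location; adjust for the host audited.
    target = "/etc/mail/sendmail.cf"
    if os.path.exists(target):
        for item in group_writable_components(target):
            print("group writable:", item)
```

Any value reported by `relaxed_checks` deserves a recorded justification, and any path reported by `group_writable_components` is better fixed with chmod than masked by relaxing the option.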