The dbm and ndbm forms of the aliases(5) database files contain binary integers. As a consequence, those database files cannot be shared via network-mounted filesystems by machines of differing architectures. This is not a problem for Sleepycat db files.
The aliases file and database files can be used to circumvent system security if they are writable by the wrong users. Proper ownership and permissions are checked and enforced only by V8.9 and above sendmail. Restrictions on who can rebuild are enforced beginning with V8.11 sendmail.
Versions of sendmail that use the old-style dbm(3) libraries can cause overly long alias lines (greater than 1024 bytes) to be silently truncated. With the new databases, such as ndbm(3), a warning is printed. Note that V8 sendmail does not support old-style dbm(3) for this very reason.
Recursive (circular self-referencing) aliases are detected only when mail is being delivered. The sendmail program does not look for such alias loops when rebuilding its database.
Because of the way V8.8 sendmail and above lock the alias file for rebuilding on some operating systems, that file must be writable by root. If it is not, sendmail prints the following and skips the rebuild:
warning: cannot lock aliases: Permission denied
This can be a problem if the master alias file is shared via NFS because root is normally mapped to nobody.
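Because sendmail does not look for alias loops when rebuilding its database, a check can be run over the aliases source file before the rebuild. The following is an added example, not code from sendmail or from the original text: the sample aliases text is constructed, the function names are hypothetical, and the parsing is simplified (it assumes no quoted commas or colons in alias names or targets).

```python
import re

SAMPLE = """\
# constructed sample aliases text, not from a real system
postmaster: root
root: admin
admin: ops,
    postmaster
ops: alice, bob@example.com
staff: "|/usr/local/bin/filter", :include:/etc/mail/staff.list, Ops
"""

def parse_aliases(text):
    """Return {alias: [targets]} with alias names lowercased."""
    entries = {}
    # Lines that begin with whitespace continue the previous line.
    for line in re.sub(r"\n[ \t]+", " ", text).splitlines():
        name, sep, rhs = line.partition(":")
        if sep and not line.startswith("#"):
            entries[name.strip().lower()] = [t.strip() for t in rhs.split(",") if t.strip()]
    return entries

def find_loops(entries):
    """Return each alias cycle as a list of names ending where it started."""
    def local(target):
        t = target.strip('"').lower()
        # Programs, files, :include: lists, \user and remote addresses end the chain.
        if t.startswith(("|", "/", ":include:", "\\")) or "@" in t:
            return None
        return t if t in entries else None
    loops, state = [], {}                 # state: 1 = on current path, 2 = done
    def visit(name, path):
        state[name] = 1
        path.append(name)
        for nxt in filter(None, map(local, entries[name])):
            if state.get(nxt) == 1:       # back edge: the chain returns to itself
                loops.append(path[path.index(nxt):] + [nxt])
            elif nxt not in state:
                visit(nxt, path)
        path.pop()
        state[name] = 2
    for name in entries:
        if name not in state:
            visit(name, [])
    return loops

if __name__ == "__main__":
    for loop in find_loops(parse_aliases(SAMPLE)):
        print("alias loop:", " -> ".join(loop))
```
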