On Thu, Jan 14, 2010 at 10:52:55PM -0500, Sam Varshavchik wrote:
OK, it works when I put it in the first block, where it first does setuid()
because of the delivery mode. Then the subprocess gets the group mail.
You must be referring to the following.
After giving this another good
Josip Rodin writes:
On Thu, Jan 14, 2010 at 10:52:55PM -0500, Sam Varshavchik wrote:
OK, it works when I put it in the first block, where it first does setuid()
because of the delivery mode. Then the subprocess gets the group mail.
You must be referring to the following.
After giving this
On Wed, Jan 13, 2010 at 07:44:07PM -0500, Sam Varshavchik wrote:
Let's try the following patch. I do appreciate your help in testing it.
It's not easy for me to test all possible permutations of distro-specific
configurations, and platform-specific nuances, that float around.
diff -U3
On Wed, Jan 13, 2010 at 07:44:07PM -0500, Sam Varshavchik wrote:
Let's try the following patch. I do appreciate your help in testing it.
It's not easy for me to test all possible permutations of distro-specific
configurations, and platform-specific nuances, that float around.
diff -U3
Josip Rodin writes:
On Wed, Jan 13, 2010 at 07:44:07PM -0500, Sam Varshavchik wrote:
Let's try the following patch. I do appreciate your help in testing it.
It's not easy for me to test all possible permutations of distro-specific
configurations, and platform-specific nuances, that float
On Tue, Jan 12, 2010 at 08:02:31PM -0500, Sam Varshavchik wrote:
% id testmaildrop
uid=1006(testmaildrop) gid=1006(testmaildrop) groups=1006(testmaildrop)
uid=1006(testmaildrop) gid=0(root) groups=0(root)
That's the problem. After using -d, it changes the user but not the group.
Can you
Josip Rodin writes:
On Tue, Jan 12, 2010 at 08:02:31PM -0500, Sam Varshavchik wrote:
% id testmaildrop
uid=1006(testmaildrop) gid=1006(testmaildrop) groups=1006(testmaildrop)
uid=1006(testmaildrop) gid=0(root) groups=0(root)
That's the problem. After using -d, it changes the user but not the
On Wed, Jan 13, 2010 at 07:13:38AM -0500, Sam Varshavchik wrote:
% id testmaildrop
uid=1006(testmaildrop) gid=1006(testmaildrop) groups=1006(testmaildrop)
uid=1006(testmaildrop) gid=0(root) groups=0(root)
That's the problem. After using -d, it changes the user but not the group.
Can you
Josip Rodin writes:
On Wed, Jan 13, 2010 at 07:13:38AM -0500, Sam Varshavchik wrote:
Maybe, maybe not. Instead of invoking 'id' as a child process of
maildrop, try just having maildrop deliver a test message to a new
mailbox, and see what the ownership of the new file becomes.
That part is
On Mon, Jan 11, 2010 at 09:56:21PM -0500, Sam Varshavchik wrote:
Christoph Anton Mitterer writes:
On Sun, 2010-01-10 at 12:29 -0500, Sam Varshavchik wrote:
This depends on the maildrop configuration, but generally setgroupid
won't have any effect if maildrop is invoked as root, since maildrop
Josip Rodin writes:
On Mon, Jan 11, 2010 at 09:56:21PM -0500, Sam Varshavchik wrote:
Christoph Anton Mitterer writes:
On Sun, 2010-01-10 at 12:29 -0500, Sam Varshavchik wrote:
This depends on the maildrop configuration, but generally setgroupid
won't have any effect if maildrop is invoked as
On Tue, Jan 12, 2010 at 07:13:50AM -0500, Sam Varshavchik wrote:
# authtest mr...@courier-mta.com
Authentication succeeded.
Authenticated: mr...@courier-mta.com (uid 8, gid 12)
Home Directory: /var/spool/maildir/mrsam
Maildir: (none)
Quota: (none)
Encrypted
Josip Rodin writes:
On Tue, Jan 12, 2010 at 07:13:50AM -0500, Sam Varshavchik wrote:
# authtest mr...@courier-mta.com
Authentication succeeded.
Authenticated: mr...@courier-mta.com (uid 8, gid 12)
Home Directory: /var/spool/maildir/mrsam
Maildir: (none)
Quota:
On Tue, Jan 12, 2010 at 05:54:56PM -0500, Sam Varshavchik wrote:
Josip Rodin writes:
On Tue, Jan 12, 2010 at 07:13:50AM -0500, Sam Varshavchik wrote:
# authtest mr...@courier-mta.com
Authentication succeeded.
Authenticated: mr...@courier-mta.com (uid 8, gid 12)
Home Directory:
Josip Rodin writes:
On Tue, Jan 12, 2010 at 05:54:56PM -0500, Sam Varshavchik wrote:
Josip Rodin writes:
On Tue, Jan 12, 2010 at 07:13:50AM -0500, Sam Varshavchik wrote:
# authtest mr...@courier-mta.com
Authentication succeeded.
Authenticated: mr...@courier-mta.com (uid 8, gid 12)
On Sun, 2010-01-10 at 12:29 -0500, Sam Varshavchik wrote:
This depends on the maildrop configuration, but generally setgroupid won't
have any effect if maildrop is invoked as root, since maildrop will use the
userid specified by the -d option to set its running group and userid
anyway.
Christoph Anton Mitterer writes:
On Sun, 2010-01-10 at 12:29 -0500, Sam Varshavchik wrote:
This depends on the maildrop configuration, but generally setgroupid won't
have any effect if maildrop is invoked as root, since maildrop will use the
userid specified by the -d option to set its
Package: maildrop
Justification: user security hole
Severity: grave
Tags: security
Hi.
Not sure if this actually a hole or if I just misunderstand
something,... but:
In debian /usr/bin/maildrop ist installed:
-rwxr-sr-x 1 root mail 163k Nov 9 01:11 /usr/bin/maildrop
So I'd expect that the
On Sun, Jan 10, 2010 at 05:06:56PM +0100, Christoph Anton Mitterer wrote:
Not sure if this actually a hole or if I just misunderstand
something,... but:
In debian /usr/bin/maildrop ist installed:
-rwxr-sr-x 1 root mail 163k Nov 9 01:11 /usr/bin/maildrop
So I'd expect that the following
Josip Rodin writes:
On Sun, Jan 10, 2010 at 05:06:56PM +0100, Christoph Anton Mitterer wrote:
Not sure if this actually a hole or if I just misunderstand
something,... but:
In debian /usr/bin/maildrop ist installed:
-rwxr-sr-x 1 root mail 163k Nov 9 01:11 /usr/bin/maildrop
So I'd expect
20 matches
Mail list logo
