On Saturday 01 May 2004 12:25 pm, you wrote:
>
> >> 2. Is checkvpw suid root? Note that DJB's checkpassword needs to be
> >> suid root for Binc, which is fine because it takes great care to ensure the
> >> user has authenticated before executing a command. I haven't looked at
> >> checkvpw to see what it does to ensure that it can not be used to gain
> >> arbitrary access to your system.
> >
> > errr .... why would it need to be setuid root? Normally you run your
> > pop3/imap servers as root.....
>
> Because bincimap-up suid's to nobody (or whatever you set "jail user" as
> in the config file).
err......
Security {
jail path = "/var/bincimap/bin",
jail user = "nobody",
jail group = "nobody"
}
[EMAIL PROTECTED] ~ $ ls -l /var/bincimap/bin/authwrapper
-rwxr-xr-x 1 root root 56 Mar 8 23:20 /var/bincimap/bin/authwrapper*
[EMAIL PROTECTED] ~ $ ls -l /usr/local/bin/checkvpw
-rwxr-xr-x 1 root root 848982 Mar 17 12:18 /usr/local/bin/checkvpw*
Mine's not setuid root and it works just fine...
-Jeremy
--
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
[EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l
kitchen @ #qmail on EFNET ++ scriptkitchen.com/qmail