On Thu, 30 Dec 2004 10:16:05 +0100, Thomas Mueller <[EMAIL PROTECTED]> wrote: > I've secured my system by using RSBAC and gave daemons only minimum > required rights:: > > Dec 30 07:53:34 geht-schon kernel: check_comp_rc(): pid 5244 > (dbmail-lmtpd), owner 102, rc_role 70, FILE rc_type 4, request EXECUTE > -> NOT_GRANTED! > Dec 30 07:53:34 geht-schon kernel: rsbac_adf_request(): request EXECUTE, > pid 5244, ppid 24743, prog_name dbmail-lmtpd, uid 102, target_type FILE, > tid Device 09:01 Inode 32380 Path /bin/bash, attr none, value 0, result > NOT_GRANTED by RC > > dbmail-lmtpd tries to execute /bin/bash ?? Why? > > There's nothing special in the logs: > Dec 30 07:53:33 geht-schon dbmail/lmtpd[24743]: PerformChildTask(): > incoming connection from [127.0.0.1 (localhost)] > Dec 30 07:53:34 geht-schon dbmail/lmtpd[24743]: sort.c, > sort_and_deliver: message id=331614, size=1545 is inserted > Dec 30 07:53:34 geht-schon dbmail/lmtpd[24743]: pool.c,child_unregister: > child [24743] unregistered > > That happens frequently, for every 50th-100th message that is inserted. > Execution of /bin/bash was denied but everything worked fine I think. >
I'm guessing this is used for opening a pipe to sendmail for forwarding. Ilja
