On Mon, 07 Dec 2009 21:01:15 -0700 "Nathanael D. Noblet" <[email protected]> wrote:

> On 12/07/2009 04:27 PM, Stevan Bajić wrote:
>> On Mon, 07 Dec 2009 11:47:46 -0700
>> "Nathanael D. Noblet"<[email protected]> wrote:
>>
>>> Hello,
>>>
>>> Working on the dspam rpm for fedora,
>>>
>> Still? They still have not accepted the submission?
>>
>>
>>> and I'm wondering if these
>>> directory permissions are really required...
>>>
>>> dspam.x86_64: E: non-standard-dir-perm /var/lib/dspam 0770
>>>
>> What is non-standard about 770?
>>
>>
>>> dspam.x86_64: E: non-standard-dir-perm /var/run/dspam 02511
>>>
>>> Couldn't they both be the standard 0755?
>>>
>> I don't think so. But it all depends what you want to do.
>>
>> In /var/lib/dspam is probably your DSPAM_HOME. Not protecting that against
>> world is pretty insane. Or do you want to tell me that in Fedora
>> /var/lib/mysql, /var/lib/postfix, /var/lib/dovecot, etc all have 755?
>> Really?
>
> Yup... There are exceptions, however they need to be justified, it has
> been sooo long since I played with the dspam internals. I don't remember
> all it needed to be able to do.
>
> [g...@iridium ~]$ ls -l /var/lib/
> total 220
> drwxr-xr-x. 2 root root 4096 2009-12-07 14:56 alternatives
> drwxr-x---. 2 asterisk asterisk 4096 2009-11-19 09:06 asterisk
> drwx------. 3 root root 4096 2009-11-11 13:21 authconfig
> drwxr-xr-x. 4 torrent torrent 4096 2009-07-24 17:10 bittorrent
> drwxr-xr-x. 2 root root 4096 2009-11-16 03:14 bluetooth
> drw-------+ 5 root root 4096 2009-07-24 20:10 certmaster
> drwxr-xr-x. 2 clamupdate clamupdate 4096 2009-12-07 19:06 clamav
> drwxr-xr-x. 2 root root 4096 2009-07-24 23:06 cs
> drwx------. 2 apache apache 4096 2009-10-27 13:16 dav
> drwxr-xr-x. 2 root root 4096 2009-10-07 17:04 dbus
> drwxr-xr-x. 2 root root 4096 2009-10-30 04:10 dhclient
> drwxr-xr-x. 3 root root 4096 2009-07-25 01:53 dirmngr
> drwxr-xr-x. 2 root root 4096 2009-10-05 04:31 dnsmasq
> drwxr-xr-x. 2 root root 4096 2009-07-25 12:44 fprint
> drwxr-xr-x+ 2 root root 4096 2009-07-25 13:52 func
> drwxr-xr-x. 3 root root 4096 2009-11-03 16:23 games
> drwxrwx--T. 10 gdm gdm 4096 2009-12-02 13:34 gdm
> drwxr-xr-x. 2 root root 4096 2009-08-21 08:09 htdig
> drwxr-x---. 16 cyrus mail 4096 2009-12-04 05:38 imap
> drwxr-xr-x. 2 root root 4096 2009-11-06 10:08 misc
> drwxr-x---. 2 root slocate 4096 2009-12-07 03:07 mlocate
> drwxrwsr-x. 4 root mock 4096 2009-12-01 09:37 mock
> drwxr-xr-x. 34 mysql mysql 4096 2009-12-02 13:34 mysql

This here surprises me. MySQL data directory is world readable? Really? In Fedora this is the default?

> drwxr-xr-x. 2 root root 4096 2009-09-29 04:23 net-snmp
> drwxr-xr-x. 5 root root 4096 2009-11-19 09:29 nfs
> drwxr-xr-x. 2 ntp ntp 4096 2009-12-07 20:34 ntp
> drwxr-xr-x. 2 root root 4096 2009-12-07 14:57 PackageKit
> drwxr-xr-x. 3 root root 4096 2009-11-20 10:55 php
> drwxr-xr-x. 2 root root 4096 2009-11-10 13:23 plymouth
> drwxrwx---. 2 root polkituser 4096 2009-10-24 19:45 PolicyKit
> drwx------. 3 root root 4096 2009-10-20 07:44 polkit-1
> drwx------. 2 postfix root 4096 2009-09-16 07:37 postfix
> drwx------. 2 pulse pulse 4096 2009-11-22 21:50 pulse
> -rw-------. 1 root root 512 2009-12-02 13:34 random-seed
> drwxr-xr-x. 2 root root 4096 2009-10-13 04:24 readahead
> drwx------. 2 rpc rpc 4096 2009-07-28 12:18 rpcbind
> drwxr-xr-x. 2 root root 4096 2009-12-03 12:47 rpm
> drwxr-xr-x. 7 root root 4096 2009-11-11 18:44 samba
> drwxr-xr-x. 2 root root 4096 2009-11-11 14:59 selinux
> drwxr-xr-x. 2 root root 4096 2009-11-21 16:41 sepolgen
> drwxr-xr-x. 4 root root 4096 2009-10-27 14:25 stateless
> drwxr-xr-x. 7 root root 4096 2009-11-09 15:30 texmf
> drwxr-xr-x. 3 root root 4096 2009-11-11 06:15 udev
> drwxr-xr-x. 2 webalizer root 4096 2009-12-07 03:06 webalizer
> drwxr-xr-x. 2 root root 4096 2009-08-03 12:48 xdm
> drwxr-xr-x. 2 root root 4096 2009-12-02 13:34 xkb
> drwxr-xr-x. 4 root root 4096 2009-12-07 14:57 yum

So that 770 of DSPAM is not that uncommon. If I look at your permissions then I at least see others that also do not have 755:

drw------- 5 root root 4096 2009-07-24 20:10 certmaster
drwx------ 2 apache apache 4096 2009-10-27 13:16 dav
drwx------ 2 postfix root 4096 2009-09-16 07:37 postfix
drwx------ 2 pulse pulse 4096 2009-11-22 21:50 pulse
drwx------ 2 rpc rpc 4096 2009-07-28 12:18 rpcbind
drwx------ 3 root root 4096 2009-10-20 07:44 polkit-1
drwx------ 3 root root 4096 2009-11-11 13:21 authconfig
drwxr-x--- 2 asterisk asterisk 4096 2009-11-19 09:06 asterisk
drwxr-x--- 2 root slocate 4096 2009-12-07 03:07 mlocate
drwxr-x--- 16 cyrus mail 4096 2009-12-04 05:38 imap
drwxrwx--- 2 root polkituser 4096 2009-10-24 19:45 PolicyKit

And it makes sense to not have 755 on those. And it makes sense too to not have 755 for DSPAM. We could have 755 for /var/lib/dspam but /var/lib/dspam/data SHOULD NOT have 755. If you have 755 for /var/lib/dspam then one could read the logs of DSPAM. So the highest information leak there would be the subject of every message processed by dspam. And should you have turned on debug then whole messages could be read as well. And I find that it's easier to say from the beginning that /var/lib/dspam should not be world readable. Then you don't need to make a difference between debug enabled/disabled, etc... it is just not world readable because it really does not need to be world readable.

>>
>> What do you have under /var/run/dspam? Just the daemon socket? Or anything
>> else? That suid is normally not needed. But I need to know what you have
>> installed in /var/run/dspam to be able to say a final word.
>
> Could you tell me when it would be needed, and I can see if that should
> be the 'common' fedora case. If it isn't common then I'll not set it
> suid, and if someone needs to change their config for that case they can
> do so. Making something setuid manually at least informs the user of the
> fact that it will be running 'differently' as opposed to by default
> running with higher privileges.
>
Actually only the dspam binary is using that, reading/writing to that socket. But should you have instructed DSPAM to listen in LMTP mode then any other LMTP aware application could send stuff to DSPAM and then the socket should be open for others. But to be honest: The suid stuff is not needed on that socket. You can remove 2511 from that directory. Only the dspam binary needs to be set to 2511 but not the socket.

> ------------------------------------------------------------------------------
> Return on Information:
> Google Enterprise Search pays you back
> Get the facts.
> http://p.sf.net/sfu/google-dev2dev
> _______________________________________________
> Dspam-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/dspam-user
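As an added example (not code from the thread, from DSPAM or from Fedora), a small Python audit that decodes the mode column of an `ls -l` listing, including the setgid/sticky bits behind modes like the 02511 discussed above, and flags which service directories are readable or writable by everyone; the sample lines are copied from the /var/lib listing quoted in the thread.

```python
# Lines copied from the `ls -l /var/lib/` output quoted above in the thread.
LISTING = """\
drwxr-x---. 2 asterisk asterisk 4096 2009-11-19 09:06 asterisk
drwxrwx--T. 10 gdm gdm 4096 2009-12-02 13:34 gdm
drwxrwsr-x. 4 root mock 4096 2009-12-01 09:37 mock
drwxr-xr-x. 34 mysql mysql 4096 2009-12-02 13:34 mysql
drwx------. 2 postfix root 4096 2009-09-16 07:37 postfix
-rw-------. 1 root root 512 2009-12-02 13:34 random-seed
"""

# Positions in the 9-character rwx field that carry setuid, setgid and sticky.
SPECIAL = {2: 0o4000, 5: 0o2000, 8: 0o1000}
FLAGS = ((0o004, "world-readable"), (0o002, "world-writable"),
         (0o4000, "setuid"), (0o2000, "setgid"), (0o1000, "sticky"))

def perm_to_octal(perm):
    """'rwxrwx--T' -> 0o1770. Lowercase s/t also set the execute bit, S/T do not."""
    mode = 0
    for i, ch in enumerate(perm[:9]):
        if ch in "rwxst":
            mode |= 1 << (8 - i)
        if (ch in "sS" and i in (2, 5)) or (ch in "tT" and i == 8):
            mode |= SPECIAL[i]
    return mode

def octal_to_perm(mode):
    """Inverse of perm_to_octal: 0o2511 -> 'r-x--s--x' (the /var/run/dspam mode)."""
    chars = []
    for i in range(9):
        bit = mode & (1 << (8 - i))
        ch = "rwx"[i % 3] if bit else "-"
        if i in SPECIAL and mode & SPECIAL[i]:
            letter = "t" if i == 8 else "s"
            ch = letter if bit else letter.upper()
        chars.append(ch)
    return "".join(chars)

def audit_dirs(listing):
    """Map each directory name in an `ls -l` listing to (mode, [findings])."""
    report = {}
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 7 or not fields[0].startswith("d"):
            continue  # skip the 'total' line, blanks and plain files
        mode = perm_to_octal(fields[0][1:10])
        findings = [name for bit, name in FLAGS if mode & bit]
        report[fields[-1]] = (mode, findings)
    return report
```

On a live system, feed it the real output of `ls -l /var/lib` to see which service data directories leak to every local user, as the mysql entry does here.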
