Hi,
Some days ago another guy mentioned that he had detected wrong permissions
on the wrapper "/usr/sbin/sendmail" on his RedHat system using qmail.
I have reproduced this on 2 systems:
Scenario:
RedHat 6.2 (including linuxconf 1.17r2)
sendmail-RPM deinstall
qmail-SRPM build and install
After original Qmail installation:
/usr/sbin/sendmail 0755 root:qmail
After adding a user with "linuxconf":
/usr/sbin/sendmail 6755 root:root (suid,sgid!)
That's really not Qmail's intention that the wrapper now runs with suid root...
So ***everyone using Qmail (or postfix also) on RedHat systems should do
the following check***:
1) Test if sendmail-RPM is really not installed:
[root@mail /root]# rpm -qi sendmail
package sendmail is not installed
2) check permissions of wrapper binary "/usr/sbin/sendmail"
[root@mail /root]# ls -al /usr/sbin/sendmail
BAD: -rwsr-sr-x 1 root root 9748 Apr 27 20:13 /usr/sbin/sendmail
GOOD: -rwxr-xr-x 1 root mail 9748 Apr 27 20:13 /usr/sbin/sendmail
3) Re-secure, if BAD:
[root@mail /root]# chown root:mail /usr/sbin/sendmail
4) Workarounds to prevent re-insecuring:
* do not use "linuxconf" anymore for adding users until RedHat has released
a new version which no longer resets the owner/group/permissions of
"/usr/sbin/sendmail" (if it's not from the sendmail-RPM)
* set up a cron script which does 3) as often as possible (i.e. every hour or
shorter)
Peter
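
A cron-able form of checks 1) to 3) above, as an added example that is not part of the original post. The function names, the WRAPPER/OWNER variables and the "run" argument are hypothetical, and the explicit chmod to 0755 (the GOOD mode listed above) is an addition to the post's chown.

```shell
#!/bin/sh
# Added example, not from the original post: cron-able version of steps 1) to 3).
WRAPPER=${WRAPPER:-/usr/sbin/sendmail}   # wrapper path from the post
OWNER=${OWNER:-root:mail}                # owner:group used in step 3)

# Step 1: succeed only if the sendmail RPM is not installed, i.e. the
# wrapper is not the real sendmail binary. Assumption: a host without
# the rpm tool has no sendmail RPM.
sendmail_rpm_absent() {
    command -v rpm >/dev/null 2>&1 || return 0
    ! rpm -q sendmail >/dev/null 2>&1
}

# Step 2: print BAD if the setuid or setgid bit is set, GOOD otherwise.
wrapper_state() {
    [ -f "$1" ] || { echo MISSING; return 0; }
    if [ -u "$1" ] || [ -g "$1" ]; then echo BAD; else echo GOOD; fi
}

# Step 3: restore ownership; the explicit chmod to 0755 (the GOOD mode
# listed above) is an addition to the post's chown.
resecure() {
    chown "$2" "$1" && chmod 0755 "$1"
}

# Steps 1-3 together; prints the final state and logs a fix to stderr.
check_wrapper() {
    if ! sendmail_rpm_absent; then echo RPM-OWNED; return 0; fi
    state=$(wrapper_state "$1")
    if [ "$state" = BAD ]; then
        echo "$(date): $1 had setuid/setgid set: $(ls -l "$1")" >&2
        resecure "$1" "$2" || return 1
        state=FIXED
    fi
    echo "$state"
}

# Run only when called as "script run" (hypothetical argument), e.g. from cron.
if [ "${1:-}" = run ]; then check_wrapper "$WRAPPER" "$OWNER"; fi
```

Run as root from cron, the stderr line gives a timestamped record of each time the bits reappeared, which helps tie the change to a particular linuxconf run.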