Re: MTAs

2001-11-21 Thread Juha Jäykkä

>>   On the other hand, if exim is run from inetd (as I do), does it
>> still need to be suid root? Since inetd runs root anyway, there should
> Well, this is not a problem.  (x)inet works by using stdin/stdout rather than
> network ports.  This is why you have to tell whatever service you are
> superserving it's being run from (x)inet.  Hence you do not need to have root
> privileges as no ports are being opened, even if they were there would be an
> error as the os says sorry port already claimed or words to that effect.

  Please quote only the relevant part of the message you reply to. I
do not know which part of my message you replied to since you quoted
it all.
  There was only one question, though, and I left that double quoted.
Assuming you replied to this part, what do you mean by it being no
problem? Exim running as root is no problem? Of course it is if it is
not necessary to run! Programs should never (or at least as
infrequently as possible) have extra privileges. And even though
inetd may be invulnerable to some exploit, exim may still be. Running
exim from inetd does not prevent exploits from being exploited. The
only things I can see we gain from using inetd are 1) there is only
one daemon running (less memory consumed) and 2) only inetd _needs_
setuid root. If the communication between exim and inetd works fine
without exim being suid root, then it should be possible to remove the
bit from exim. Now my original question was: does it (exim) still need
to be suid root? And the question still remains and depends (solely?)
on whether it still can communicate with inetd. Inetd runs exim with
mail's privileges so giving mail access to any necessary directories
is enough for exim to function - unless there are issues with the
permissions of /var/spool/mail/<insert your favourite username here>.
Now another question: are there?

-- 
 ---
| Juha Jäykkä, [EMAIL PROTECTED]|
| home: http://www.utu.fi/~juolja/  |
 ---


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: MTAs

2001-11-21 Thread Mark Janssen

On Wed, Nov 21, 2001 at 12:56:53PM +0200, Juha Jäykkä wrote:
>>> On the other hand, if exim is run from inetd (as I do), does it
>>> still need to be suid root? Since inetd runs root anyway, there should
> bit from exim. Now my original question was: does it (exim) still need
> to be suid root? And the question still remains and depends (solely?)
> on whether it still can communicate with inetd. Inetd runs exim with

I would assume no setuid-root exim is needed for it to communicate with
inetd.

> mail's privileges so giving mail access to any necessary directories
> is enough for exim to function - unless there are issues with the
> permissions of /var/spool/mail/<insert your favourite username here>.
> Now another question: are there?

As long as /var/spool/mail/* is writable/owned by the 'mail' user I do
not see a problem here.

Also check /var/spool/mqueue... if also using outgoing e-mail

-- 
Mark Janssen Unix Consultant @ SyConOS IT
E-mail: [EMAIL PROTECTED]  GnuPG Key Id: 357D2178
http: maniac.nl, unix-god.[net|org], markjanssen.[com|net|org|nl]






Re: MTAs

2001-11-21 Thread Paul Haesler

>> mail's privileges so giving mail access to any necessary
>> directories is enough for exim to function - unless there are issues
>> with the permissions of /var/spool/mail/<insert your favourite
>> username here>. Now another question: are there?
>
> As long as /var/spool/mail/* is writable/owned by the 'mail' user I do
> not see a problem here.
>
> Also check /var/spool/mqueue... if also using outgoing e-mail

Well, let's try it, shall we:

[paul@marge ~] cd /usr/sbin
[paul@marge sbin] su
Password: 
[marge /usr/sbin]# ls -l exim
-rwsr-xr-x 1 root mail   430740 Jun  9 07:21 exim
[marge /usr/sbin]# chmod 2755 exim
[marge /usr/sbin]# ls -l exim
-rwxr-sr-x 1 root mail   430740 Jun  9 07:21 exim
[marge /usr/sbin]# exit
exit
[paul@marge sbin] mail paul
Subject: Test
Does this work?
.
Cc:  
[paul@marge sbin] 2001-11-21 22:41:42 166Vl8-00017q-00 <= 
[EMAIL PROTECTED] U=paul P=local S=327
2001-11-21 22:41:42 166Vl8-00017q-00 Unable to get root to set 
uid and gid for local delivery to paul: uid=1000 euid=1000
2001-11-21 22:41:42 166Vl8-00017q-00 Unable to get root to set 
uid and gid for local delivery to paul: uid=1000 euid=1000

It appears there is a problem, although arguably in the 
implementation.

Source code anyone?

--
Paul Haesler[EMAIL PROTECTED]
ICQ: 124547085
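
The failure in the log above ("Unable to get root to set uid and gid for local delivery"), reproduced as an added C example that is not exim's code and not part of the original post: a process can switch to a recipient's uid and gid only if it starts with root privileges, and a correct switch cannot be undone. The function names, result codes and target uid are assumptions made for the demonstration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* exposes setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical result codes for this demonstration. */
enum { SWITCHED = 0, NOT_PERMITTED = 1, OTHER_ERROR = 2, DROP_REVERSIBLE = 3 };

/* Become (uid, gid) the way a delivery agent must before touching a
   user's mailbox: supplementary groups first, then gid, then uid. */
static int become_user(uid_t uid, gid_t gid)
{
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return errno == EPERM ? NOT_PERMITTED : OTHER_ERROR;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return OTHER_ERROR;
    /* A correct drop is one-way: asking for root again must fail. */
    if (uid != 0 && setuid(0) == 0)
        return DROP_REVERSIBLE;
    return SWITCHED;
}

/* Run the switch in a child so the caller keeps its own identity. */
int try_deliver_as(uid_t uid, gid_t gid)
{
    pid_t pid = fork();
    if (pid < 0)
        return OTHER_ERROR;
    if (pid == 0)
        _exit(become_user(uid, gid));
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return OTHER_ERROR;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed target: any uid other than our own. Started without
       root (as exim was after chmod 2755, euid=1000) this prints 1. */
    uid_t target = getuid() + 1;
    int r = try_deliver_as(target, (gid_t)target);
    printf("euid=%ld, switch to uid %ld: result %d\n",
           (long)geteuid(), (long)target, r);
    return 0;
}
```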






Re: MTAs

2001-11-21 Thread Karl E. Jorgensen

On Wed, Nov 21, 2001 at 10:45:24PM +1000, Paul Haesler wrote:
> snip
> .
> Cc:  
> [paul@marge sbin] 2001-11-21 22:41:42 166Vl8-00017q-00 <= 
> [EMAIL PROTECTED] U=paul P=local S=327
> 2001-11-21 22:41:42 166Vl8-00017q-00 Unable to get root to set 
> uid and gid for local delivery to paul: uid=1000 euid=1000
> 2001-11-21 22:41:42 166Vl8-00017q-00 Unable to get root to set 
> uid and gid for local delivery to paul: uid=1000 euid=1000
>
> It appears there is a problem, although arguably in the 
> implementation.
>
> Source code anyone?
>
> --
> Paul Haesler[EMAIL PROTECTED]
> ICQ: 124547085

There is some description of the setuid'ism in the exim manual - chapter
55. My quick scan of it revealed that setuid root is used for:
- setting up a listening socket on port 25 (not required when run from
  inetd)
- local deliveries (=writing to /var/mail ?)
- reading .forward files (NFS considerations + .forward need not be
  world-readable)

and I wouldn't be surprised that setuid is required for running
.procmailrc's too

Hope this helps

Cautionary note: No: I haven't read the source code.
-- 
Karl E. Jørgensen
[EMAIL PROTECTED]
www.karl.jorgensen.com
One disk to rule them all, One disk to find them. One disk to bring
 them all and in the darkness grind them. In the Land of Redmond
 where the shadows lie. -- The Silicon Valley Tarot
  Henrique Holschuh




Re: MTAs

2001-11-20 Thread Alexander Clouter

Juha Jäykkä [[EMAIL PROTECTED]] wrote:

>   There is a small point of binding to port 25. Only root can do
> that. I have not looked at exim's code, but if run as a stand-alone
> daemon (i.e. not from inetd), I would guess it just opens the port as
> root and drops the privileges right away. Someone who knows the code
> might want to confirm/rebuke this.
>   On the other hand, if exim is run from inetd (as I do), does it
> still need to be suid root? Since inetd runs root anyway, there should
> be no need for exim to: the port is already bound when exim starts and
> exim will not be able to bind to it anyway. Just wondering if I should
> do some dpkg-statoverrides.
>
Well, this is not a problem.  (x)inet works by using stdin/stdout rather than
network ports.  This is why you have to tell whatever service you are
superserving it's being run from (x)inet.  Hence you do not need to have root
privileges as no ports are being opened, even if they were there would be an
error as the os says sorry port already claimed or words to that effect.

Alex

-- 
 _ 
( BOFH excuse #440:   )
( )
( Cache miss - please take better aim )
( next time   )
 - 
o   ^__^
 o  (oo)\___
(__)\   )\/\
||w |
|| ||




Re: MTAs

2001-11-19 Thread Juha Jäykkä
> I don't know much about exim's guts, but is there a point in starting it
> as mail if it's SUID root?
> -rwsr-xr-x 1 root root   466308 sie 15 01:13 /usr/sbin/exim

  There is a small point of binding to port 25. Only root can do
that. I have not looked at exim's code, but if run as a stand-alone
daemon (i.e. not from inetd), I would guess it just opens the port as
root and drops the privileges right away. Someone who knows the code
might want to confirm/rebuke this.
  On the other hand, if exim is run from inetd (as I do), does it
still need to be suid root? Since inetd runs root anyway, there should
be no need for exim to: the port is already bound when exim starts and
exim will not be able to bind to it anyway. Just wondering if I should
do some dpkg-statoverrides.

-- 
 ---
| Juha Jäykkä, [EMAIL PROTECTED]|
| home: http://www.utu.fi/~juolja/  |
 ---



Re: MTAs

2001-11-18 Thread Marcin Owsiany

On Sun, Nov 18, 2001 at 03:02:30PM +1000, Paul Haesler wrote:
>> it is a Good Thing to have an MTA which does not run as
>> root.  I found the argument persuasive, and happily installed postfix.
>> I do miss one thing from exim, however. 
>
> Default debian installation of exim runs as mail:
>
> [paul@marge procmail] grep exim /etc/inetd.conf
> smtp  stream  tcp nowait  mail  /usr/sbin/exim exim -bs

I don't know much about exim's guts, but is there a point in starting it
as mail if it's SUID root?

-rwsr-xr-x 1 root root   466308 sie 15 01:13 /usr/sbin/exim

Marcin
-- 
Marcin Owsiany [EMAIL PROTECTED] http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216



Re: MTAs

2001-11-17 Thread Paul Haesler

> it is a Good Thing to have an MTA which does not run as
> root.  I found the argument persuasive, and happily installed postfix.
> I do miss one thing from exim, however. 

Default debian installation of exim runs as mail:

[paul@marge procmail] grep exim /etc/inetd.conf
smtp  stream  tcp nowait  mail  /usr/sbin/exim exim -bs

And let me just say that exim rocks.

--
Paul Haesler[EMAIL PROTECTED]
ICQ: 124547085

