Thank you. That worked Andrew On Fri, 11 Aug 2000, Stefan Suurmeijer wrote:
Your sendmail has permissions 555. It should be suid root (4555). That will clear up the problem. Then make mqueue 700, mail should be sticky, since it's world writeable (mode 1777).
BTW: if you're running a kernel prior to 2.2.16 this does leave you open to attacks, since older kernels have a bug. See the SuSE security announcements.
Hope this helps
Stefan
On Fri, 11 Aug 2000, Andrew Hougie wrote:
I think this qualifies as a security issue because the only other solution I have would be to open up permissions completely and I don't know which I can safely do.
I am running SuSE 6.2 and I have Marc's firewall script version 2.5 running.
When trying to send mail from pine as a user from the linux machine, I got an "insufficient permission" message which I resolved by chmod 777 /var/spool/mqueue. I now get reminders of this "warning world writable".
Trying to send mail from one local user to another still fails. The following entries are generated in /var/log/mail:
Aug 11 07:41:23 celebrity procmail[26474]: Insufficient privileges to deliver to "debbie" Aug 11 07:41:23 celebrity sendmail[26473]: HAA26472: to=<debbie@celebrity.grinton.net>, delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Insufficient permission Aug 11 07:41:23 celebrity sendmail[26473]: HAA26472: HAA26473: DSN: Insufficient permission Aug 11 07:41:23 celebrity sendmail[26473]: HAA26473: to=andrew, delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Sent Aug 11 07:41:23 celebrity sendmail[26473]: HAA26472: HAB26473: postmaster notify : Insufficient permission Aug 11 07:41:23 celebrity procmail[26476]: Insufficient privileges to deliver to "root" Aug 11 07:41:23 celebrity sendmail[26473]: HAB26473: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Insufficient permission Aug 11 07:41:23 celebrity sendmail[26473]: HAB26473: HAC26473: return to sender: Insufficient permission Aug 11 07:41:23 celebrity procmail[26477]: Insufficient privileges to deliver to "root" Aug 11 07:41:23 celebrity sendmail[26473]: HAC26473: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Insufficient permission Aug 11 07:41:23 celebrity sendmail[26473]: HAB26473: Saved message in /usr/tmp/dead.letter
Permissions in /var/spool are: drwxrwxrwt 2 root root 1024 Aug 11 07:43 mail drwxrwxrwx 2 root root 2048 Aug 11 07:41 mqueue
ls -l /usr/sbin/sendmail -r-xr-xr-x 1 root root 383232 Aug 22 1999 /usr/sbin/sendmail
ls -l /usr/bin/procmail -rwxr-xr-x 1 root root 65428 Dec 7 1999 /usr/bin/procmail
Extracts from my sendmail.mc file include(`/usr/share/sendmail/m4/cf.m4') OSTYPE(`linux')dnl define(`STATUS_FILE', `/var/log/sendmail.st')dnl define(`confDEF_USER_ID', `daemon:daemon')dnl define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl define(`confCOPY_ERRORS_TO', `Postmaster')dnl define(`UUCP_MAILER_MAX', `2000000')dnl define(`confTRUSTED_USERS', `mdom wwwrun')dnl define(`MASQUERADE_AS', `grinton.net')dnl FEATURE(`limited_masquerade')dnl FEATURE(`masquerade_entire_domain')dnl FEATURE(`masquerade_envelope')dnl FEATURE(`local_procmail')dnl FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl MAILER(`local')dnl MAILER(`procmail')dnl MAILER(`smtp')dnl MAILER(`uucp')dnl MAILER(`bsmtp')dnl MAILER(`fido')dnl define(`confCW_FILE', `/etc/mail/sendmail.cw')dnl FEATURE(use_cw_file)dnl MASQUERADE_DOMAIN(grinton.net)
-- Andrew Hougie, Grinton, Aldenham Grove, Radlett, Hertfordshire, England, WD7 7BW Email: andrew@hougie.co.uk WWW: http://www.hougie.co.uk
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
========================================== Stefan Suurmeijer Network Specialist University of Groningen tel: (+31) 50 363 3423 fax: (+31) 50 363 7272 E-mail (business): s.m.suurmeijer@let.rug.nl E-mail (private): stefan@symbolica.nl ==========================================
Quis custodiet ipsos custodes? (Who'll watch the watchmen?) - Unknown
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com