I once got this problem too with procmail. I also remeber that that is what I did at first but then of course I realised that it was a dangerous course of action I then made procmail suid root which worked but was equally dangerous. But checking my permissions later I realised that somehow /usr/sbin/sendmail had stopped being suid root and that is why I had been getting those errors. Of course another equally dangerous way but which would work is to make /usr/bin/pine suid root. On Fri, 11 Aug 2000, Andrew Hougie wrote:
Date: Fri, 11 Aug 2000 08:02:06 +0100 From: Andrew Hougie <andrew@hougie.co.uk> To: suse-security@suse.com Subject: [suse-security] Mail permissions for local users?
I think this qualifies as a security issue because the only other solution I have would be to open up permissions completely and I don't know which I can safely do.
I am running SuSE 6.2 and I have Marc's firewall script version 2.5 running.
When trying to send mail from pine as a user from the linux machine, I got an "insufficient permission" message which I resolved by chmod 777 /var/spool/mqueue. I now get reminders of this "warning world writable".
Trying to send mail from one local user to another still fails. The following entries are generated in /var/log/mail:
Aug 11 07:41:23 celebrity procmail[26474]: Insufficient privileges to deliver to "debbie" Aug 11 07:41:23 celebrity sendmail[26473]: HAA26472: to=<debbie@celebrity.grinton.net>, delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Insufficient permission Aug 11 07:41:23 celebrity sendmail[26473]: HAA26472: HAA26473: DSN: Insufficient permission Aug 11 07:41:23 celebrity sendmail[26473]: HAA26473: to=andrew, delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Sent Aug 11 07:41:23 celebrity sendmail[26473]: HAA26472: HAB26473: postmaster notify : Insufficient permission Aug 11 07:41:23 celebrity procmail[26476]: Insufficient privileges to deliver to "root" Aug 11 07:41:23 celebrity sendmail[26473]: HAB26473: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Insufficient permission Aug 11 07:41:23 celebrity sendmail[26473]: HAB26473: HAC26473: return to sender: Insufficient permission Aug 11 07:41:23 celebrity procmail[26477]: Insufficient privileges to deliver to "root" Aug 11 07:41:23 celebrity sendmail[26473]: HAC26473: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Insufficient permission Aug 11 07:41:23 celebrity sendmail[26473]: HAB26473: Saved message in /usr/tmp/dead.letter
Permissions in /var/spool are: drwxrwxrwt 2 root root 1024 Aug 11 07:43 mail drwxrwxrwx 2 root root 2048 Aug 11 07:41 mqueue
ls -l /usr/sbin/sendmail -r-xr-xr-x 1 root root 383232 Aug 22 1999 /usr/sbin/sendmail
ls -l /usr/bin/procmail -rwxr-xr-x 1 root root 65428 Dec 7 1999 /usr/bin/procmail
Extracts from my sendmail.mc file include(`/usr/share/sendmail/m4/cf.m4') OSTYPE(`linux')dnl define(`STATUS_FILE', `/var/log/sendmail.st')dnl define(`confDEF_USER_ID', `daemon:daemon')dnl define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl define(`confCOPY_ERRORS_TO', `Postmaster')dnl define(`UUCP_MAILER_MAX', `2000000')dnl define(`confTRUSTED_USERS', `mdom wwwrun')dnl define(`MASQUERADE_AS', `grinton.net')dnl FEATURE(`limited_masquerade')dnl FEATURE(`masquerade_entire_domain')dnl FEATURE(`masquerade_envelope')dnl FEATURE(`local_procmail')dnl FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl MAILER(`local')dnl MAILER(`procmail')dnl MAILER(`smtp')dnl MAILER(`uucp')dnl MAILER(`bsmtp')dnl MAILER(`fido')dnl define(`confCW_FILE', `/etc/mail/sendmail.cw')dnl FEATURE(use_cw_file)dnl MASQUERADE_DOMAIN(grinton.net)
-- Andrew Hougie, Grinton, Aldenham Grove, Radlett, Hertfordshire, England, WD7 7BW Email: andrew@hougie.co.uk WWW: http://www.hougie.co.uk
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Noah ksemat@eahd.or.ug