Mailinglist Archive: opensuse-security (601 mails)

Re: [suse-security] Mail permissions for local users?
  • From: Andrew Hougie <andrew@xxxxxxxxxxxx>
  • Date: Fri, 11 Aug 2000 19:50:38 +0100 (BST)
  • Message-id: <Pine.LNX.4.21.0008111950180.27868-100000@xxxxxxxxxxxxxxxxxxxxx>
Thank you. That worked.
Andrew

On Fri, 11 Aug 2000, Stefan Suurmeijer wrote:

> Your sendmail has permissions 555. It should be suid root (4555). That
> will clear up the problem. Then make mqueue 700, mail should be sticky,
> since it's world writeable (mode 1777).
>
> BTW: if you're running a kernel prior to 2.2.16
> this does leave you open to attacks, since older kernels have a bug. See
> the SuSE security announcements.
>
> Hope this helps
>
> Stefan
>
>
> On Fri, 11 Aug 2000, Andrew Hougie wrote:
>
> > I think this qualifies as a security issue because the only other solution
> > I have would be to open up permissions completely and I don't know which I
> > can safely do.
> >
> > I am running SuSE 6.2 and I have Marc's firewall script version 2.5
> > running.
> >
> > When trying to send mail from pine as a user from the linux machine, I got
> > an "insufficient permission" message which I resolved by chmod 777
> > /var/spool/mqueue. I now get reminders of this "warning world writable".
> >
> > Trying to send mail from one local user to another still fails. The
> > following entries are generated in /var/log/mail:
> >
> >
> > Aug 11 07:41:23 celebrity procmail[26474]: Insufficient privileges to
> > deliver to "debbie"
> > Aug 11 07:41:23 celebrity sendmail[26473]: HAA26472:
> > to=<debbie@xxxxxxxxxxxxxxxxxxxxx>, delay=00:00:00, xdelay=00:00:00,
> > mailer=local, stat=Insufficient permission
> > Aug 11 07:41:23 celebrity sendmail[26473]: HAA26472: HAA26473: DSN:
> > Insufficient permission
> > Aug 11 07:41:23 celebrity sendmail[26473]: HAA26473: to=andrew,
> > delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Sent
> > Aug 11 07:41:23 celebrity sendmail[26473]: HAA26472: HAB26473: postmaster
> > notify : Insufficient permission
> > Aug 11 07:41:23 celebrity procmail[26476]: Insufficient privileges to
> > deliver to "root"
> > Aug 11 07:41:23 celebrity sendmail[26473]: HAB26473: to=root,
> > delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Insufficient permission
> > Aug 11 07:41:23 celebrity sendmail[26473]: HAB26473: HAC26473: return to
> > sender: Insufficient permission
> > Aug 11 07:41:23 celebrity procmail[26477]: Insufficient privileges to
> > deliver to "root"
> > Aug 11 07:41:23 celebrity sendmail[26473]: HAC26473: to=root,
> > delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Insufficient permission
> > Aug 11 07:41:23 celebrity sendmail[26473]: HAB26473: Saved message in
> > /usr/tmp/dead.letter
> >
> > Permissions in /var/spool are:
> > drwxrwxrwt 2 root root 1024 Aug 11 07:43 mail
> > drwxrwxrwx 2 root root 2048 Aug 11 07:41 mqueue
> >
> > > ls -l /usr/sbin/sendmail
> > -r-xr-xr-x 1 root root 383232 Aug 22 1999 /usr/sbin/sendmail
> >
> > > ls -l /usr/bin/procmail
> > -rwxr-xr-x 1 root root 65428 Dec 7 1999 /usr/bin/procmail
> >
> > Extracts from my sendmail.mc file
> > include(`/usr/share/sendmail/m4/cf.m4')
> > OSTYPE(`linux')dnl
> > define(`STATUS_FILE', `/var/log/sendmail.st')dnl
> > define(`confDEF_USER_ID', `daemon:daemon')dnl
> > define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
> > define(`confCOPY_ERRORS_TO', `Postmaster')dnl
> > define(`UUCP_MAILER_MAX', `2000000')dnl
> > define(`confTRUSTED_USERS', `mdom wwwrun')dnl
> > define(`MASQUERADE_AS', `grinton.net')dnl
> > FEATURE(`limited_masquerade')dnl
> > FEATURE(`masquerade_entire_domain')dnl
> > FEATURE(`masquerade_envelope')dnl
> > FEATURE(`local_procmail')dnl
> > FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
> > MAILER(`local')dnl
> > MAILER(`procmail')dnl
> > MAILER(`smtp')dnl
> > MAILER(`uucp')dnl
> > MAILER(`bsmtp')dnl
> > MAILER(`fido')dnl
> > define(`confCW_FILE', `/etc/mail/sendmail.cw')dnl
> > FEATURE(use_cw_file)dnl
> > MASQUERADE_DOMAIN(grinton.net)
> >
> > --
> > Andrew Hougie, Grinton, Aldenham Grove, Radlett,
> > Hertfordshire, England, WD7 7BW
> > Email: andrew@xxxxxxxxxxxx WWW: http://www.hougie.co.uk
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> > For additional commands, e-mail: suse-security-help@xxxxxxxx
> >
> >
>
> ==========================================
> Stefan Suurmeijer
> Network Specialist
> University of Groningen
> tel: (+31) 50 363 3423
> fax: (+31) 50 363 7272
> E-mail (business): s.m.suurmeijer@xxxxxxxxxx
> E-mail (private): stefan@xxxxxxxxxxxx
> ==========================================
>
> Quis custodiet ipsos custodes? (Who'll watch the watchmen?) - Unknown
>
>
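
The modes given in the reply above (sendmail 4555, mqueue 700, mail 1777) can be checked with a small audit script. This is an added example, not part of the thread: the function names and the temporary directory tree are assumptions made for illustration, and it relies on GNU `stat -c`.

```shell
# Added example: audit the three paths from the thread against the reply's modes.

# Octal mode of a path (assumes GNU stat, as on Linux).
mode_of() { stat -c '%a' "$1" 2>/dev/null; }

# Compare one path with its expected mode; return 1 on mismatch.
check_mode() {
    path=$1 want=$2
    have=$(mode_of "$path") || { echo "MISSING $path"; return 1; }
    if [ "$have" = "$want" ]; then
        echo "ok   $path ($have)"
    else
        echo "FIX  $path is $have, expected $want"
        return 1
    fi
}

# Audit everything under a root prefix; exit status = number of mismatches.
audit_mail_perms() {
    root=$1 bad=0
    check_mode "$root/usr/sbin/sendmail" 4555 || bad=$((bad + 1))
    check_mode "$root/var/spool/mqueue" 700 || bad=$((bad + 1))
    check_mode "$root/var/spool/mail" 1777 || bad=$((bad + 1))
    return "$bad"
}

# Constructed tree reproducing the modes shown in the original post.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/usr/sbin" "$t/var/spool/mqueue" "$t/var/spool/mail"
    : > "$t/usr/sbin/sendmail"
    chmod 555 "$t/usr/sbin/sendmail"
    chmod 777 "$t/var/spool/mqueue"
    chmod 1777 "$t/var/spool/mail"
    echo "$t"
}

# Apply the modes given in the reply to a tree.
apply_reply_modes() {
    chmod 4555 "$1/usr/sbin/sendmail"
    chmod 700 "$1/var/spool/mqueue"
    chmod 1777 "$1/var/spool/mail"
}

demo=$(make_sample_tree)
audit_mail_perms "$demo" || echo "$? path(s) differ from the reply"
apply_reply_modes "$demo"
audit_mail_perms "$demo" && echo "all modes match the reply"
rm -rf "$demo"
```

Calling `audit_mail_perms ""` checks the real `/usr/sbin/sendmail`, `/var/spool/mqueue` and `/var/spool/mail` instead of the constructed tree.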

