Mailinglist Archive: opensuse-security (601 mails)

< Previous Next >
Re: [suse-security] Mail permissions for local users?
  • From: <ksemat@xxxxxxxxxxxxxxx>
  • Date: Fri, 11 Aug 2000 10:27:30 +0300 (EAT)
  • Message-id: <Pine.LNX.4.21.0008111022000.947-100000@xxxxxxxxxxxxxxx>
I once got this problem too with procmail. I also remeber that that is
what I did at first but then of course I realised that it was a dangerous
course of action I then made procmail suid root which worked but was
equally dangerous. But checking my permissions later I realised that
somehow /usr/sbin/sendmail had stopped being suid root and that is why I
had been getting those errors. Of course another equally dangerous way but
which would work is to make /usr/bin/pine suid root.
On Fri, 11 Aug 2000,
Andrew Hougie wrote:

> Date: Fri, 11 Aug 2000 08:02:06 +0100
> From: Andrew Hougie <andrew@xxxxxxxxxxxx>
> To: suse-security@xxxxxxxx
> Subject: [suse-security] Mail permissions for local users?
>
> I think this qualifies as a security issue because the only other solution
> I have would be to open up permissions completely and I don't know which I
> can safely do.
>
> I am running SuSE 6.2 and I have Marc's firewall script version 2.5
> running.
>
> When trying to send mail from pine as a user from the linux machine, I got
> an "insufficient permission" message which I resolved by chmod 777
> /var/spool/mqueue. I now get reminders of this "warning world writable".
>
> Trying to send mail from one local user to another still fails. The
> following entries are generated in /var/log/mail:
>
>
> Aug 11 07:41:23 celebrity procmail[26474]: Insufficient privileges to
> deliver to "debbie"
> Aug 11 07:41:23 celebrity sendmail[26473]: HAA26472:
> to=<debbie@xxxxxxxxxxxxxxxxxxxxx>, delay=00:00:00, xdelay=00:00:00,
> mailer=local, stat=Insufficient permission
> Aug 11 07:41:23 celebrity sendmail[26473]: HAA26472: HAA26473: DSN:
> Insufficient permission
> Aug 11 07:41:23 celebrity sendmail[26473]: HAA26473: to=andrew,
> delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Sent
> Aug 11 07:41:23 celebrity sendmail[26473]: HAA26472: HAB26473: postmaster
> notify : Insufficient permission
> Aug 11 07:41:23 celebrity procmail[26476]: Insufficient privileges to
> deliver to "root"
> Aug 11 07:41:23 celebrity sendmail[26473]: HAB26473: to=root,
> delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Insufficient permission
> Aug 11 07:41:23 celebrity sendmail[26473]: HAB26473: HAC26473: return to
> sender: Insufficient permission
> Aug 11 07:41:23 celebrity procmail[26477]: Insufficient privileges to
> deliver to "root"
> Aug 11 07:41:23 celebrity sendmail[26473]: HAC26473: to=root,
> delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Insufficient permission
> Aug 11 07:41:23 celebrity sendmail[26473]: HAB26473: Saved message in
> /usr/tmp/dead.letter
>
> Permissions in /var/spool are:
> drwxrwxrwt 2 root root 1024 Aug 11 07:43 mail
> drwxrwxrwx 2 root root 2048 Aug 11 07:41 mqueue
>
> > ls -l /usr/sbin/sendmail
> -r-xr-xr-x 1 root root 383232 Aug 22 1999 /usr/sbin/sendmail
>
> > ls -l /usr/bin/procmail
> -rwxr-xr-x 1 root root 65428 Dec 7 1999 /usr/bin/procmail
>
> Extracts from my sendmail.mc file
> include(`/usr/share/sendmail/m4/cf.m4')
> OSTYPE(`linux')dnl
> define(`STATUS_FILE', `/var/log/sendmail.st')dnl
> define(`confDEF_USER_ID', `daemon:daemon')dnl
> define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
> define(`confCOPY_ERRORS_TO', `Postmaster')dnl
> define(`UUCP_MAILER_MAX', `2000000')dnl
> define(`confTRUSTED_USERS', `mdom wwwrun')dnl
> define(`MASQUERADE_AS', `grinton.net')dnl
> FEATURE(`limited_masquerade')dnl
> FEATURE(`masquerade_entire_domain')dnl
> FEATURE(`masquerade_envelope')dnl
> FEATURE(`local_procmail')dnl
> FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
> MAILER(`local')dnl
> MAILER(`procmail')dnl
> MAILER(`smtp')dnl
> MAILER(`uucp')dnl
> MAILER(`bsmtp')dnl
> MAILER(`fido')dnl
> define(`confCW_FILE', `/etc/mail/sendmail.cw')dnl
> FEATURE(use_cw_file)dnl
> MASQUERADE_DOMAIN(grinton.net)
>
> --
> Andrew Hougie, Grinton, Aldenham Grove, Radlett,
> Hertfordshire, England, WD7 7BW
> Email: andrew@xxxxxxxxxxxx WWW: http://www.hougie.co.uk
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>

Noah
ksemat@xxxxxxxxxx




< Previous Next >
References