Your message dated Sat, 12 Mar 2011 15:22:58 +0100
with message-id <[email protected]>
and subject line Re: Bug#617811: exim4 security update introduces new mode
requirements for config file
has caused the Debian Bug report #617811,
regarding exim4 security update introduces new mode requirements for config file
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
617811: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617811
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: exim4-base
Version: 4.69-9+lenny4
I just did the exim4 security update and it broke my mail system
because of the new restrictions on the config file mode.
2011-03-11 15:49:23 Exim configuration file /etc/exim4/exim4.conf--sauce has
the wrong owner, group, or mode
This is not a reasonable restriction. If the file is in the right
place then exim4 ought to honour whatever permissions it has; anything
else is a stupid-band-aid.
Also this is not documented in the changelog nor exim4 manpage.
Ian.
--- End Message ---
--- Begin Message ---
On 2011-03-11 Ian Jackson <[email protected]> wrote:
> Package: exim4-base
> Version: 4.69-9+lenny4
> I just did the exim4 security update and it broke my mail system
> because of the new restrictions on the config file mode.
> 2011-03-11 15:49:23 Exim configuration file /etc/exim4/exim4.conf--sauce has
> the wrong owner, group, or mode
> This is not a reasonable restriction. If the file is in the right
> place then exim4 ought to honour whatever permissions it has; anything
> else is a stupid-band-aid.
Hello,
Allowing an exim-group writeable exim.conf is equivalent to giving the
exim-group superuser privileges.
Before, these were the permission requirements (spec.txt chapter 6):
| The run time configuration file must be owned by root or by the user
| that is specified at compile time by the EXIM_USER option, or by the
| user that is specified at compile time by the CONFIGURE_OWNER option
| (if set). The configuration file must not be world-writeable or
| group-writeable, unless its group is the one specified at compile time
| by the EXIM_GROUP option or by the CONFIGURE_GROUP option.
|
| Warning: In a conventional configuration, where the Exim binary is
| setuid to root, anybody who is able to edit the run time configuration
| file has an easy way to run commands as root. If you make your mail
| administrators members of the Exim group, but do not trust them with
| root, make sure that the run time configuration is not group
| writeable.
now they are like this:
| The run time configuration file must be owned by root or by the user
| that is specified at compile time by the CONFIGURE_OWNER option (if
| set). The configuration file must not be world-writeable, or
| group-writeable unless its group is the root group or the one
| specified at compile time by the CONFIGURE_GROUP option.
|
| Warning: In a conventional configuration, where the Exim binary is
| setuid to root, anybody who is able to edit the run time configuration
| file has an easy way to run commands as root. If you specify a user or
| group in the CONFIGURE_OWNER or CONFIGURE_GROUP options, then that
| user and/or any users who are members of that group will trivially be
| able to obtain root privileges.
|
| Up to Exim version 4.72, the run time configuration file was also
| permitted to be writeable by the Exim user and/or group. That has been
| changed in Exim 4.73 since it offered a simple privilege escalation
| for any attacker who managed to compromise the Exim user account.
> Also this is not documented in the changelog nor exim4 manpage.
exim4 (4.69-9+lenny2) stable-security; urgency=high
[...]
+ 1_cfile_norw_eximuid: Don't allow a configure file which is
writeable by the Exim user or group.
[...]
cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
--- End Message ---
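The two permission rules quoted in Andreas's reply (the pre-4.73 one and the 4.73+ one) can be expressed as a small checker that an administrator can run against /etc/exim4/exim4.conf before restarting the daemon, to see in advance whether a file will be rejected with "wrong owner, group, or mode". The code below is an added example for this bug report; it is not Exim's own check and not part of the Debian package. It reimplements only the rule text as quoted above. The uid/gid values for root and for the Debian-exim user and group, and the 0660/0640 modes used in the demonstration, are constructed assumptions for illustration; nothing on the page states the actual mode of the file in the report.

```python
import os
import stat

# Constructed example ids (not from the page). root is uid/gid 0 on any
# Linux system; the Debian-exim user/group ids below are assumed values.
ROOT_UID = 0
ROOT_GID = 0
DEBIAN_EXIM_UID = 101
DEBIAN_EXIM_GID = 103


def old_rule(uid, gid, mode, exim_uid, exim_gid, cfg_owner=None, cfg_group=None):
    """Rule as documented up to Exim 4.72 (spec.txt chapter 6, quoted above).

    The Exim user may own the file and the Exim group may have write access.
    Returns (accepted, reason).
    """
    if uid not in (ROOT_UID, exim_uid) and uid != cfg_owner:
        return False, "owner must be root, EXIM_USER, or CONFIGURE_OWNER"
    if mode & stat.S_IWOTH:
        return False, "world-writeable"
    if mode & stat.S_IWGRP and gid not in (exim_gid, cfg_group):
        return False, "group-writeable by a group other than EXIM_GROUP/CONFIGURE_GROUP"
    return True, "accepted (pre-4.73 rule)"


def new_rule(uid, gid, mode, cfg_owner=None, cfg_group=None):
    """Rule as documented from Exim 4.73 (and Debian's 1_cfile_norw_eximuid patch).

    The Exim user and group no longer get a pass: a compromised Exim account
    must not be able to rewrite a file that the setuid-root binary executes.
    Returns (accepted, reason).
    """
    if uid != ROOT_UID and uid != cfg_owner:
        return False, "owner must be root or CONFIGURE_OWNER"
    if mode & stat.S_IWOTH:
        return False, "world-writeable"
    if mode & stat.S_IWGRP and gid not in (ROOT_GID, cfg_group):
        return False, "group-writeable by a group other than root/CONFIGURE_GROUP"
    return True, "accepted (4.73+ rule)"


def check_file(path, exim_uid=DEBIAN_EXIM_UID, exim_gid=DEBIAN_EXIM_GID,
               cfg_owner=None, cfg_group=None):
    """Stat a real config file and evaluate it under both rules."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    return {
        "uid": st.st_uid,
        "gid": st.st_gid,
        "mode": oct(mode),
        "old": old_rule(st.st_uid, st.st_gid, mode, exim_uid, exim_gid, cfg_owner, cfg_group),
        "new": new_rule(st.st_uid, st.st_gid, mode, cfg_owner, cfg_group),
    }


def main():
    # Hypothetical layout consistent with the reported error: root-owned file,
    # group Debian-exim, group-writeable. It passed the old rule and fails the new one.
    cases = [
        ("root:Debian-exim 0660", ROOT_UID, DEBIAN_EXIM_GID, 0o660),
        ("root:Debian-exim 0640", ROOT_UID, DEBIAN_EXIM_GID, 0o640),   # the fix: chmod g-w
        ("root:root 0660",       ROOT_UID, ROOT_GID, 0o660),           # root group may write
        ("Debian-exim owned",    DEBIAN_EXIM_UID, DEBIAN_EXIM_GID, 0o644),
        ("root:Debian-exim 0666", ROOT_UID, DEBIAN_EXIM_GID, 0o666),
    ]
    for label, uid, gid, mode in cases:
        o = old_rule(uid, gid, mode, DEBIAN_EXIM_UID, DEBIAN_EXIM_GID)
        n = new_rule(uid, gid, mode)
        print(f"{label:24s} old={o[0]!s:5s} new={n[0]!s:5s} {n[1]}")


if __name__ == "__main__":
    main()
```

For the case in the report, the practical fix is to remove group write from the file (chmod g-w) while keeping it root-owned; a root-group file or a CONFIGURE_GROUP group may still be group-writeable, because those already imply root.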