Your message dated Mon, 25 Feb 2019 06:19:10 +0000
with message-id <[email protected]>
and subject line Bug#854286: fixed in cyrus-imapd 3.0.8-3
has caused the Debian Bug report #854286,
regarding cyrus-imapd: cyrus user has a working shell.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
854286: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854286
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cyrus-imapd
Version: cyrus-imapd
Severity: important
Tags: patch

Dear Maintainer,

   * What led up to the situation?

I was owned by a cracker that exploited the fact that cyrus has /bin/sh as shell

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

I'd set a simple password for cyrus, and expected to use that for
situations where authenticating as cyrus would be done without a shell
being opened. I run Kerberos 5 as authentication system, and GSSAPI
for my IMAP access, so giving "cyrus" a Kerberos principal was important
to get some admin stuff working.

   * What was the outcome of this action?

I was owned and had to spend an evening rebooting and patching.

   * What outcome did you expect instead?

Happiness ;-)

   * Fix:

I've done a bunch of quick tests simply setting the cyrus user shell to
/bin/false. The IMAP server works as before, but I've not tested all
functions.

If for some reason, the shell must remain usable, it is probably
advisable to admonish people into setting a good password.

-- System Information:
Debian Release: 8.7
  APT prefers stable
  APT policy: (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
--- End Message ---
--- Begin Message ---
Source: cyrus-imapd
Source-Version: 3.0.8-3

We believe that the bug you reported is fixed in the latest version of
cyrus-imapd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <[email protected]> (supplier of updated cyrus-imapd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

Format: 1.8
Date: Mon, 25 Feb 2019 05:45:09 +0000
Source: cyrus-imapd
Architecture: source
Version: 3.0.8-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Cyrus Team <[email protected]>
Changed-By: Ondřej Surý <[email protected]>
Closes: 854286 887201 908190 922928
Changes:
 cyrus-imapd (3.0.8-3) unstable; urgency=medium
 .
   * Move the backup/restore man pages to cyrus- namespace (Closes: #922928)
   * Fix the stdout/stderr dpkg-statoverride redirection (Closes: #908190)
   * On top of disabled password, also disable login for cyrus user
     (Closes: #854286)
   * Depend on e2fsprogs explicitly (Closes: #887201)
--- End Message ---
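
A check for the condition this report describes, a service account that has both a login shell and a usable password, written as an added example; it is not part of the bug thread or the Debian packaging. The function names, the UID limit of 1000, the list of non-login shells and all account data are assumptions constructed for illustration.

```shell
# Added example (not Debian's or Cyrus's code). All sample data is constructed.
# Shells that refuse an interactive login.
is_nologin_shell() {
    case "$1" in
        /bin/false|/usr/bin/false|/sbin/nologin|/usr/sbin/nologin) return 0 ;;
    esac
    return 1
}

# audit_service_accounts PASSWD SHADOW [UID_LIMIT]
# Prints "user shell password-state" for each non-root account below UID_LIMIT
# whose passwd(5) shell still permits login.
audit_service_accounts() {
    passwd_file=$1; shadow_file=$2; uid_limit=${3:-1000}
    while IFS=: read -r user pw uid gid gecos home shell; do
        case "$uid" in ''|*[!0-9]*) continue ;; esac
        [ "$uid" -gt 0 ] && [ "$uid" -lt "$uid_limit" ] || continue
        [ -n "$shell" ] || shell=/bin/sh   # an empty shell field means /bin/sh
        is_nologin_shell "$shell" && continue
        # Classify the shadow(5) password field for this account.
        state=$(awk -F: -v u="$user" '
            $1 == u { found = 1
                      if ($2 == "") print "empty"
                      else if ($2 ~ /^[!*]/) print "locked"
                      else print "usable"
                      exit }
            END { if (!found) print "no-shadow-entry" }' "$shadow_file")
        printf '%s %s %s\n' "$user" "$shell" "$state"
    done < "$passwd_file"
}

# Constructed data: cyrus as in the report, next to already-restricted accounts.
sample_audit() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
cyrus:x:110:8:constructed entry:/var/spool/cyrus:/bin/sh
postgres:x:111:115::/var/lib/postgresql:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$constructed$hash:17000:0:99999:7:::
daemon:*:17000:0:99999:7:::
cyrus:$6$constructed$hash:17000:0:99999:7:::
postgres:!:17000:0:99999:7:::
EOF
    audit_service_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}
sample_audit
```

An account reported as "usable" or "empty" matches the situation in the report; one reported as "locked" has the password disabled but keeps its shell, which is the state the 3.0.8-3 changelog entry goes beyond by also disabling login.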

