Package: dkimproxy
Version: 1.0.1-1
Severity: serious
Tags: security
X-Debbugs-CC: [EMAIL PROTECTED]

--- Please enter the report below this line. ---

dkimproxy runs as user root, but it does not need the rights of the user root; to fix this, change /etc/init.d/dkimproxy:

30,31c30,31
< DKIMPROXY_IN_ARGS="--hostname=${DKIM_HOSTNAME} 127.0.0.1:10026 127.0.0.1:10027" < DKIMPROXY_OUT_ARGS="--keyfile=${DKIMPROXY_OUT_PRIVKEY} --selector=postfix --domain=${DOMAIN} --method=simple --signature=dkim --signature domainkeys 127.0.0.1:10028 127.0.0.1:10029"
---
> DKIMPROXY_IN_ARGS="--hostname=${DKIM_HOSTNAME} 127.0.0.1:10026 127.0.0.1:10027 --user=${DKIMPROXYUSER} --group=${DKIMPROXYGROUP}" > DKIMPROXY_OUT_ARGS="--keyfile=${DKIMPROXY_OUT_PRIVKEY} --selector=postfix --domain=${DOMAIN} --method=simple --signature=dkim --signature domainkeys 127.0.0.1:10028 127.0.0.1:10029 --user=${DKIMPROXYUSER} --group=${DKIMPROXYGROUP}"
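Review bot: the hunk references ${DKIMPROXYUSER} and ${DKIMPROXYGROUP} but does not show where they are set; if they are undefined, both argument strings expand to `--user= --group=`, so the change should also include the definitions (for example `DKIMPROXYUSER=dkimproxy` and `DKIMPROXYGROUP=dkimproxy` near the top of the init script, or in a defaults file the script sources). Note too that extraction has joined the two `<` lines and the two `>` lines onto single lines, so the diff as shown would need to be split back into four lines before `patch` can apply it. Dropping privileges only works together with the key-file ownership change described further down: once dkimproxy.out runs as ${DKIMPROXYUSER}, it must still be able to read ${DKIMPROXY_OUT_PRIVKEY}, which the proposed root:dkimproxy mode 0640 provides.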

Also, the home dir of the user dkimproxy is
/home/dkimproxy, but I think it should be /var/lib/dkimproxy.

The permissions of the secret key file are also unsafe;
they are:
-rw-r--r-- 1 root root 887 17. Apr 19:22 /var/lib/dkimproxy/private.key
They should be, imho:
-rw-r----- 1 root dkimproxy 887 17. Apr 19:22 /var/lib/dkimproxy/private.key
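The following is an added example, not part of this bug report or of the dkimproxy package: a small POSIX sh check that audits a signing key file against the layout the reporter asks for (owner root, group dkimproxy, mode 0640, never world-readable). The function name `check_key_perms` is an assumption of this example. Expected owner and group are passed as numeric ids so the check does not depend on name lookups; resolve them at the call site with `id -u root` and `getent group dkimproxy | cut -d: -f3`.

```shell
#!/bin/sh
# Added example (not from the bug report): audit the permissions of a DKIM
# private key. Returns 0 when the file is owned by the expected uid/gid,
# has no "other" permissions and at most read permission for the group;
# returns 1 and prints each problem otherwise; returns 2 if stat fails.
# Usage: check_key_perms /var/lib/dkimproxy/private.key \
#            "$(id -u root)" "$(getent group dkimproxy | cut -d: -f3)"
check_key_perms() {
    key="$1" want_uid="$2" want_gid="$3"
    # GNU/busybox stat: numeric uid, numeric gid, octal mode (e.g. "644").
    st=$(stat -c '%u %g %a' "$key") || return 2
    set -- $st
    uid=$1 gid=$2 mode=$3
    rc=0

    # Last octal digit is the "other" class: any non-zero value means the
    # key is readable, writable or executable by every local account.
    case "$mode" in
        *[1-7]) echo "BAD: $key is world-accessible (mode $mode)"; rc=1 ;;
    esac

    # Second-to-last digit is the group class: only 0 (none) or 4 (read)
    # are acceptable for a key the dkimproxy group must read but not alter.
    grp=${mode%?}            # drop the "other" digit
    grp=${grp#"${grp%?}"}    # keep only the last remaining digit
    case "$grp" in
        0|4) ;;
        *) echo "BAD: $key group permissions too broad (mode $mode)"; rc=1 ;;
    esac

    [ "$uid" = "$want_uid" ] || { echo "BAD: $key owned by uid $uid, want $want_uid"; rc=1; }
    [ "$gid" = "$want_gid" ] || { echo "BAD: $key has gid $gid, want $want_gid"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $key (mode $mode, uid $uid, gid $gid)"
    return "$rc"
}
```

Run it from a cron job or a configuration check and alert on a non-zero exit; the 0644 mode shown in the report fails the "other" check, while 0640 and 0600 pass.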

--- System information. ---
Architecture: i386
Kernel:       Linux 2.6.24.4-1

Debian Release: lenny/sid
  500 testing         www.debian-multimedia.org
  500 testing         security.debian.org
  500 testing         ftp.de.debian.org
  500 stable          security.debian.org

--- Package information. ---
Depends                      (Version) | Installed
======================================-+-==============
adduser                                | 3.107
liberror-perl                          | 0.17-1
libmail-dkim-perl            (>= 0.29) | 0.30.1-1
libnet-server-perl                     | 0.97-1
libtext-wrapper-perl                   | 1.000-2
lsb-base                               | 3.1-24
openssl                                | 0.9.8g-8
perl                     (>= 5.6.0-16) | 5.8.8-12
