On Thu, Jul 21, 2005 at 12:28:31AM +0000, Casey Allen Shobe wrote:
> > chsh has also been vetted for security problems a LOT more
> > closely than vchkpw. I don't trust vchkpw with suid-root.
> Then use suidctl? I do on my production machines.
> > The postfix maintainers were asked about it once before, and the
> > answer was that there wasn't enough demand for it. You're only
> > the second person that's asked (that I am aware of).
> ...and I'm not actually asking for it, though it would be nice to be
> in the ebuild just for the sake of completeness. I don't actually
> know anybody who uses postfix+vpopmail on the vpopmail list.

For the sake of completeness and as an academic exercise, I'll accept
tested patches for it ;-).

> > This is decidedly not a good idea, unless vchkpw gets locked up
> > more so that only specific things can run it (otherwise it can
> > easily be used to brute-force passwords).
> True. Would the best way to do that be to only give the vpopmail
> group execute access to vchkpw, and then add qmail-smtpd to that
> group, but still have vchkpw suid?

On the vpopmail list in the distant past, I recall mention of the
concept of an authentication server, so you could have vchkpw without
any additional permissions. Nobody took it up at the time, and I never
heard of it again. However it would be one of the best routes to solve
this. Just implement the checkpassword interface on a socket, and be
done with it.

> It seems that su could be easily used to brute-force passwords, too,
> but it's suid by default.

Yes, but su does more logging than vchkpw ;-).

> Maybe what is needed is an extension to suidctl where emerge checks
> any installed binaries against things present in suidctl.conf that
> *should* be made suid if they're listed in there even if they're
> not suid by default?

This is getting into cfengine territory (which can do exactly what
you're asking for here).

-- 
Robin Hugh Johnson
E-Mail : [EMAIL PROTECTED]
Home Page : http://www.orbis-terrarum.net/?l=people.robbat2
ICQ# : 30269588 or 41961639
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
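
An added sketch of the authentication-server idea mentioned in the message above (not code from this thread, from vpopmail, or from any of the projects named): the checkpassword record is accepted over a connected socket, and the two concerns raised in the thread, brute forcing and thin logging, are handled by a per-login failure throttle and a log line on every rejection. The `lookup` callback, the throttle constants and the one-byte `b"1"`/`b"0"` reply are assumptions made for the illustration.

```python
import hmac
import logging
import time

MAX_RECORD = 512    # checkpassword: at most 512 bytes before end of file
MAX_FAILURES = 5    # assumed policy: failures tolerated per login per window
WINDOW = 300        # assumed policy: window length in seconds
log = logging.getLogger("authd")
_failures = {}      # login -> timestamps of recent failed attempts

def parse_record(data):
    """Split the checkpassword record: login NUL password NUL timestamp NUL."""
    if len(data) > MAX_RECORD:
        raise ValueError("record longer than 512 bytes")
    fields = data.split(b"\0")
    if len(fields) < 4:             # three NUL-terminated fields -> >= 4 parts
        raise ValueError("malformed record")
    return fields[0], fields[1], fields[2]

def authenticate(data, lookup, now=None):
    """Check one record; log every failure and throttle repeated ones."""
    now = time.time() if now is None else now
    try:
        login, password, _stamp = parse_record(data)
    except ValueError as exc:
        log.warning("rejected: %s", exc)
        return False
    recent = [t for t in _failures.get(login, []) if now - t < WINDOW]
    if len(recent) >= MAX_FAILURES:
        log.warning("throttled login=%r", login)
        return False
    # lookup() is a stand-in returning the stored secret as bytes, or None;
    # a real backend would verify against a password hash instead.
    stored = lookup(login)
    ok = stored is not None and hmac.compare_digest(stored, password)
    if not ok:
        _failures[login] = recent + [now]
        log.warning("failed login=%r", login)
    return ok

def serve_one(conn, lookup):
    """Read one record to EOF from a connected socket, reply b'1' or b'0'."""
    buf = b""
    while len(buf) <= MAX_RECORD:
        chunk = conn.recv(MAX_RECORD + 1 - len(buf))
        if not chunk:
            break
        buf += chunk
    conn.sendall(b"1" if authenticate(buf, lookup) else b"0")
```

The client writes the record and shuts down its write side so the server sees end of file; the server process needs read access to the password store, but the programs calling it need no extra privileges.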