Re: MTAs
> > On the other hand, if exim is run from inetd (as I do), does it still need to be suid root? Since inetd runs root anyway, there should

> well this is not a problem. (x)inet works by using stdin/stdout rather than network ports. This is why you have to tell whatever service you are superserving it's being run from (x)inet. Hence you do not need to have root privileges as no ports are being opened, even if they were there would be an error as the os says sorry port already claimed or words to that effect.

Please quote only the relevant part of the message you reply to. I do not know which part of my message you replied to since you quoted it all. There was only one question, though, and I left that double quoted.

Assuming you replied to this part, what do you mean by it being no problem? Exim running as root is no problem? Of course it is if it is not necessary to run! Programs should never (or at least as infrequently as possible) have extra privileges. And even though inetd may be invulnerable to some exploit, exim may still be. Running exim from inetd does not prevent exploits from being exploited. The only things I can see we gain from using inetd are 1) there is only one daemon running (less memory consumed) and 2) only inetd _needs_ setuid root. If the communication between exim and inetd works fine without exim being suid root, then it should be possible to remove the bit from exim.

Now my original question was: does it (exim) still need to be suid root? And the question still remains and depends (solely?) on whether it still can communicate with inetd. Inetd runs exim with mail's privileges so giving mail access to any necessary directories is enough for exim to function - unless there are issues with the permissions of /var/spool/mail/insert your favourite username here. Now another question: are there?

--
Juha Jäykkä, [EMAIL PROTECTED]
home: http://www.utu.fi/~juolja/

To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe.
Trouble? Contact [EMAIL PROTECTED]
Re: MTAs
On Wed, Nov 21, 2001 at 12:56:53PM +0200, Juha Jäykkä wrote:

> On the other hand, if exim is run from inetd (as I do), does it still need to be suid root? Since inetd runs root anyway, there should
> bit from exim. Now my original question was: does it (exim) still need to be suid root? And the question still remains and depends (solely?) on whether it still can communicate with inetd. Inetd runs exim with

I would assume no setuid-root exim is needed for it to communicate with inetd.

> mail's privileges so giving mail access to any necessary directories is enough for exim to function - unless there are issues with the permissions of /var/spool/mail/insert your favourite username here. Now another question: are there?

As long as /var/spool/mail/* is writable/owned by the 'mail' user I do not see a problem here. Also check /var/spool/mqueue... if also using outgoing e-mail

--
Mark Janssen
Unix Consultant @ SyConOS IT
E-mail: [EMAIL PROTECTED]
GnuPG Key Id: 357D2178
http: maniac.nl, unix-god.[net|org], markjanssen.[com|net|org|nl]
Re: MTAs
> > mail's privileges so giving mail access to any necessary directories is enough for exim to function - unless there are issues with the permissions of /var/spool/mail/insert your favourite username here. Now another question: are there?

> As long as /var/spool/mail/* is writable/owned by the 'mail' user I do not see a problem here. Also check /var/spool/mqueue... if also using outgoing e-mail

Well, let's try it, shall we:

    [paul@marge ~] cd /usr/sbin
    [paul@marge sbin] su
    Password:
    [marge /usr/sbin]# ls -l exim
    -rwsr-xr-x 1 root mail 430740 Jun 9 07:21 exim
    [marge /usr/sbin]# chmod 2755 exim
    [marge /usr/sbin]# ls -l exim
    -rwxr-sr-x 1 root mail 430740 Jun 9 07:21 exim
    [marge /usr/sbin]# exit
    exit
    [paul@marge sbin] mail paul
    Subject: Test
    Does this work?
    .
    Cc:
    [paul@marge sbin] 2001-11-21 22:41:42 166Vl8-00017q-00 = [EMAIL PROTECTED] U=paul P=local S=327
    2001-11-21 22:41:42 166Vl8-00017q-00 Unable to get root to set uid and gid for local delivery to paul: uid=1000 euid=1000
    2001-11-21 22:41:42 166Vl8-00017q-00 Unable to get root to set uid and gid for local delivery to paul: uid=1000 euid=1000

It appears there is a problem, although arguably in the implementation. Source code anyone?

--
Paul Haesler [EMAIL PROTECTED]
ICQ: 124547085
Debian packages signed?
I recently had a discussion regarding Debian package signing and automatically downloading and checking package signatures (i.e. using debsig-verify). However, I see now that the default /etc/dpkg/dpkg.conf ships with no-debsig by default and users are not currently (correct me if it does) checking signatures in any way.

Since developer's signatures cannot be used (they get stripped off after uploading and using them would require to have the keyring always up to date) is there any way we can provide package signing? What does debsig currently do (if anything)?

In a discussion between some Debian developers, regarding how a package signing scheme could work in Debian, we came out with the following (due to the problem of the updated keyring above):

1.- Packages.gz which contains the md5sums of packages is signed (we already do this, but through the Release file which includes the md5sums of many files, including Packages.gz but is not that direct). The signature is one that is permanently on the keyring and has been for some time, it could be that of a person in Debian (developer for quite some time, Project Leader, you name it) or of a group (QA?)

2.- This signed Packages.gz is downloaded by 'apt-get update' and stored in the HD along with Packages.gz

3.- When a package is going to be installed, it is first downloaded and generated the md5sum

4.- The Packages.gz.gpg is checked (signature ok) and it extracts from it the md5sum for the downloaded package (this avoids tampering of files in the local system)

5.- if we have the same md5sum install otherwise warn and leave in cache (so the user can install w/o signatures). If the package is not in the Packages.gz and the user wants signatures warn and do not install either.

Does this scheme seem possible? How far is it from what debsig-verify intends to do?

(I would appreciate here since this is an issue I would like to document clearly, including a roadmap in the Securing Debian Manual)

Regards

Javi
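
Steps 4 and 5 of the scheme proposed above, as an added example that is not part of the original message and is not code from dpkg, apt or debsig-verify. It assumes the signature check on Packages.gz.gpg and the md5sum of the downloaded file were done beforehand (for instance with gpg and md5sum) and are passed in; the function names, verdict names and the sample index are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum verdict {
    INSTALL,                 /* step 5: md5sums agree */
    WARN_KEEP_IN_CACHE,      /* step 5: md5sums differ, warn and leave in cache */
    REFUSE_NOT_LISTED,       /* step 5: package has no usable entry in the index */
    REFUSE_INDEX_UNVERIFIED  /* step 4 failed: the index itself is not trusted */
};

/* Constructed sample of an uncompressed Packages index (not real data). */
static const char SAMPLE_INDEX[] =
    "Package: exim\n"
    "Filename: pool/constructed/exim.deb\n"
    "MD5sum: 0123456789abcdef0123456789abcdef\n"
    "\n"
    "Package: gzip\n"
    "MD5sum: fedcba9876543210fedcba9876543210\n";

/* Copy the value of "name:" found in the stanza [s, end) into out.
   Returns 1 when found and it fits, 0 otherwise. */
static int field(const char *s, const char *end, const char *name,
                 char *out, size_t outsz)
{
    size_t nlen = strlen(name);
    while (s < end) {
        const char *eol = memchr(s, '\n', (size_t)(end - s));
        if (eol == NULL)
            eol = end;
        if ((size_t)(eol - s) > nlen && strncmp(s, name, nlen) == 0 &&
            s[nlen] == ':') {
            const char *v = s + nlen + 1;
            size_t vlen;
            while (v < eol && (*v == ' ' || *v == '\t'))
                v++;
            vlen = (size_t)(eol - v);
            if (vlen >= outsz)
                return 0;            /* oversized value: treat as absent */
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return 1;
        }
        s = (eol < end) ? eol + 1 : end;
    }
    return 0;
}

/* Case-insensitive comparison of two 32-digit hex md5sums. */
static int same_md5(const char *a, const char *b)
{
    size_t i;
    if (strlen(a) != 32 || strlen(b) != 32)
        return 0;
    for (i = 0; i < 32; i++) {
        if (!isxdigit((unsigned char)a[i]) ||
            tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    }
    return 1;
}

/* index_sig_ok: result of verifying Packages.gz.gpg (assumed done by caller).
   index:        text of the verified Packages file.
   md5_download: md5sum of the downloaded .deb (assumed computed by caller). */
enum verdict check_package(int index_sig_ok, const char *index,
                           const char *pkg, const char *md5_download)
{
    const char *s = index, *stop = index + strlen(index);

    /* Never read digests out of an index whose signature did not verify. */
    if (!index_sig_ok)
        return REFUSE_INDEX_UNVERIFIED;

    while (s < stop) {
        const char *end = strstr(s, "\n\n");   /* stanzas end at a blank line */
        char name[128], sum[64];
        if (end == NULL)
            end = stop;
        if (field(s, end, "Package", name, sizeof name) &&
            strcmp(name, pkg) == 0) {
            if (!field(s, end, "MD5sum", sum, sizeof sum))
                return REFUSE_NOT_LISTED;      /* entry without a digest */
            return same_md5(sum, md5_download) ? INSTALL : WARN_KEEP_IN_CACHE;
        }
        s = (end < stop) ? end + 2 : stop;
    }
    return REFUSE_NOT_LISTED;
}

int main(void)
{
    printf("exim, matching digest: %d\n",
           check_package(1, SAMPLE_INDEX, "exim",
                         "0123456789abcdef0123456789abcdef"));
    printf("exim, altered file:    %d\n",
           check_package(1, SAMPLE_INDEX, "exim",
                         "ffffffffffffffffffffffffffffffff"));
    return 0;
}
```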
Re: buffer overflow in /bin/gzip?
On Wed, Nov 21, 2001 at 12:47:49AM -0600, Bryan Andersen wrote:

> One thing I think is quite important is to get rid of calls to routines that it is possible to buffer overflow. OpenBSD has a feature in their version of gcc that will cause a compile time error message telling you when one of the standard library routines known to be overflowable is used.

I hope strcpy() does not belong to this class. It's quite common to do something like this:

    int len = strlen(s);
    char *new = (char *) malloc(len + 1);
    strcpy(new, s);

This is perfectly fine.

strncpy() is even more dangerous, since it doesn't add a final nul-byte if strlen(src) >= n. Most people are not aware of this problem. So, most of the time you use strncpy() you should use a construction like this:

    strncpy(dst, src, len);
    dst[len] = '\0';

- Sebastian
Mail-server config
Hi @all,

I plan to install a mailserver for ca. 800 users, now I planned to make 800 users with shell /bin/bash, home /dev/nul,...

So, I ask you ;)), if this is a good solution, to make 800 UNIX-users for a mailserver and if not what's the best solution (security reason)

Thnx, Weissi
Re: Mail-server config
Johannes Weiss ([EMAIL PROTECTED]) wrote:

> Hi @all, I plan to install a mailserver for ca. 800 users, now I planned to make 800 users with shell /bin/bash, home /dev/nul,... So, I ask you ;)), if this is a good solution, to make 800 UNIX-users for a mailserver and if not what's the best solution (security reason)

Consider the cyrus-packages.

- Rolf
Re: Mail-server config
Thus spake Johannes Weiss ([EMAIL PROTECTED]):

> I plan to install a mailserver for ca. 800 users, now I planned to make 800 users with shell /bin/bash, home /dev/nul,... So, I ask you ;)), if this is a good solution, to make 800 UNIX-users for a mailserver and if not what's the best solution (security reason)

Have a look at Cyrus IMAP. It's designed for POP3/IMAP for non-shell users, i.e. a closed-box system. The authentication _can_ be /etc/passwd-based, but typically you use a separate DB file to store the login info.

--
Justin R. Miller [EMAIL PROTECTED]
PGP/GnuPG Key ID 0xC9C40C31 (preferred)
Re: MTAs
On Wed, Nov 21, 2001 at 10:45:24PM +1000, Paul Haesler wrote:

> snip
> .
> Cc:
> [paul@marge sbin] 2001-11-21 22:41:42 166Vl8-00017q-00 = [EMAIL PROTECTED] U=paul P=local S=327
> 2001-11-21 22:41:42 166Vl8-00017q-00 Unable to get root to set uid and gid for local delivery to paul: uid=1000 euid=1000
> 2001-11-21 22:41:42 166Vl8-00017q-00 Unable to get root to set uid and gid for local delivery to paul: uid=1000 euid=1000
>
> It appears there is a problem, although arguably in the implementation. Source code anyone?
>
> --
> Paul Haesler [EMAIL PROTECTED]
> ICQ: 124547085

There is some description of the setuid'ism in the exim manual - chapter 55. My quick scan of it revealed that setuid root is used for:

- setting up a listening socket on port 25 (not required when run from inetd)
- local deliveries (=writing to /var/mail ?)
- reading .forward files (NFS considerations + .forward need not be world-readable)

and I wouldn't be surprised that setuid is required for running .procmailrc's too

Hope this helps

Cautionary note: No: I haven't read the source code.

--
Karl E. Jørgensen [EMAIL PROTECTED] www.karl.jorgensen.com

One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie.
-- The Silicon Valley Tarot Henrique Holschuh
Re: Mail-server config
On Wed, Nov 21, 2001 at 10:51:57AM -0500, Justin R. Miller wrote:

> Thus spake Johannes Weiss ([EMAIL PROTECTED]):
> > I plan to install a mailserver for ca. 800 users, now I planned to
>
> Have a look at Cyrus IMAP. It's designed for POP3/IMAP for non-shell users, i.e. a closed-box system. the authentication _can_ be /etc/passwd-based, but typically you use a separate DB file to store the login info.

Also note that the Debian packages for Cyrus are old, from a branch that is not being developed any more. I think your best bet is to download the source and compile your own. That's what I'm doing for a family-and-friends mailserver. I might come up with a .deb for my own use, but don't hold your breath... There is a wishlist bug for 2.x.

This is getting off topic.

-sami.

--
...you want a .sig with that?
Re: buffer overflow in /bin/gzip?
On Wed, Nov 21, 2001 at 08:29:09AM +0100, Sebastian Rittau wrote:

> I hope strcpy() does not belong to this class. It's quite common to do something like this:
>
>     int len = strlen(s);
>     char *new = (char *) malloc(len + 1);
>     strcpy(new, s);
>
> This is perfectly fine.

Albeit silly; you mean strdup()

> strncpy() is even more dangerous, since it doesn't add a final nul-byte if strlen(src) >= n. Most people are not aware of this problem. So, most of the time you use strncpy() you should use a construction like this:
>
>     strncpy(dst, src, len);
>     dst[len] = '\0';

Or use your own version of strncpy() which behaves more sensibly. This is my preference.

--
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ | Dept. of Computing,
 `. `'                          | Imperial College,
   `-             -- | London, UK
Re: Mail-server config
On Wed, Nov 21, 2001 at 04:34:46PM +0100, Johannes Weiss wrote:

> Hi @all, I plan to install a mailserver for ca. 800 users, now I planned to make 800 users with shell /bin/bash, home /dev/nul,... So, I ask you ;)), if this is a good solution, to make 800 UNIX-users for a mailserver and if not what's the best solution (security reason)

Most modern MTAs have support for some sort of non-system based user database (LDAP etc.). I know postfix has support for virtual maps and such, see www.postfix.org and http://kummefryser.dk/HOWTO/mail/postfix_mysql.html. You would then need to find an imap/pop server that could use the same thing. This would be much easier to maintain securely.

--
Share and Enjoy.
Re: buffer overflow in /bin/gzip?
Andrew Suffield [EMAIL PROTECTED] writes:

> Albeit silly; you mean strdup()

Unless you're restricted to C89.

--
Alan Shutko [EMAIL PROTECTED] - In a variety of flavors!
Style may not be the answer, but at least it's a workable alternative.
Re: Mutt tmp files
On Thu, Nov 15, 2001 at 07:41:35PM +, sober wrote:

> if it's too unsecure u have 2 ways:
> - choose another email program where u don't know the risk that root can read the mails
> - write them direct on ur smtp server ...
>
> btw: root of ur mailserver can read ur incoming mails too !
>
> // jens

I was just thinking that the only way to do it is to write and compose the email and encrypt it on another machine and then simply send it straight to the SMTP server on the machine you want to use - a telnet session to port 25 is easy to achieve this by - SMTP is an easy protocol to learn.

just my 2p

--
Matthew Sackman
Nottingham, ENGLAND
Re: Mail-server config
On Wed, Nov 21, 2001 at 09:56:28AM -0800, Sami Juvonen wrote:

> On Wed, Nov 21, 2001 at 10:51:57AM -0500, Justin R. Miller wrote:
> > Thus spake Johannes Weiss ([EMAIL PROTECTED]):
> > > I plan to install a mailserver for ca. 800 users, now I planned to
> >
> > Have a look at Cyrus IMAP. It's designed for POP3/IMAP for non-shell users, i.e. a closed-box system. the authentication _can_ be /etc/passwd-based, but typically you use a separate DB file to store the login info.
>
> Also note that the Debian packages for Cyrus are old, from a branch that is not being developed any more. I think your best bet is to download the source and compile your own. That's what I'm doing for a family-and-friends mailserver. I might come up with a .deb for my own use, but don't hold your breath... There is a wishlist bug for 2.x.
>
> This is getting off topic.
>
> -sami.

I think that the easiest thing (not necessarily the best one) will be to write simple bashawk script to add users directly to passwd. The shell should be /bin/false - message that you can't get in (without invoking any real shells).

Advantages: easy to perform, easy to manage

Disadvantages: possible mess in passwd if you have pop3-only and normal users.

Jaroslaw Postawa [EMAIL PROTECTED]
Re: Mail-server config
[EMAIL PROTECTED] (Sami Juvonen) writes:

> Also note that the Debian packages for Cyrus are old, from a branch that is not being developed any more. I think your best bet is to download the source and compile your own. That's what I'm doing for a family-and-friends mailserver. I might come up with a .deb for my own use, but don't hold your breath...

No need for it :) http://people.debian.org/~hmh/cyrus2/

--
begin OjE-ist-scheisse.txt
bye, Joerg
Registered Linux User #97793 @ http://counter.li.org
end
Passwd and mysql
Hello.

Is there any possibility to force the passwd command to change the password in a mysql database instead of the shadow file? Do I have to do smth with pam?

--
Robert Magier
LPRNG vulnerability [was Re: weird messages in syslog]
SaDIKuZboy [EMAIL PROTECTED]

| it could be something as a backdoor or an arbitrary service ... try
| to : cron -l it shows u a table with binary called to be run,
| report it and let's see what's there :o)

Thanks for your help. Maybe you meant crontab -l? But I'm pretty certain in any case that the garbage in my syslog file does not reflect the activity of any cron-job. There's nothing remotely resembling it anywhere else in the logs. I've been through /etc/cron.daily weekly and monthly, and there is nothing in those scripts, as far as I can tell, that would produce the kind of output I have.

Kelley, Tim (CBS-New Orleans) [EMAIL PROTECTED] wrote:

| looks like a buffer overflow attempt to me ... look at your
| security

I'm sure it is. There is a buffer-overflow advisory against lprng. Local and remote users can send string-formatting operators to the printer daemon to corrupt the daemon's execution, potentially gaining root access. The messages in my syslog are close to identical to those reported at:

http://ciac.llnl.gov/ciac/bulletins/l-025.shtml

But the warnings I have seen all refer to versions prior to 3.6.26, and they all report the problem as fixed in versions since then. I have the version from debian testing which is 3.8.0 (it's the same in unstable).

I've not had to deal with such an exploit before, so I would really appreciate any advice that's going. I've stopped the lprng daemon for now, until I can tighten things up.

Thank you in advance,

Jim
Re: In Praise of Dos (RE: Mutt tmp files)
On Tue, Nov 20, 2001 at 08:25:36PM -0800, Nathan E Norman wrote:

> On Tue, Nov 20, 2001 at 12:01:32PM -0800, J C Lawrence wrote:
> > On Mon, 19 Nov 2001 21:57:05 -0600 Nathan E Norman Nathan wrote:
> > > On Mon, Nov 19, 2001 at 03:26:50PM -0800, Petro wrote:
> > > > But this is hugely off topic, and I'll go no further down this road.
> > >
> > > Could you at least honor my Mail-Followup-To: header?
> >
> > Mail-Followup-To is a non-standard, un-RFC documented, generally unsupported header.
>
> The guy is using mutt. mutt supports M-F-T. You figure it out. M-F-T is generally used on debian mailing lists.

Sometimes I see it (now that I'm looking for it) sometimes I don't. This post didn't have it. Others do. Some posts come through (for another debian list) matching ^X-Mailing-List:[EMAIL PROTECTED], others don't. I don't know if exchange is randomly changing the headers (it wouldn't surprise me) or if sometimes the original poster puts them in and sometimes not.

--
Share and Enjoy.
Re: buffer overflow in /bin/gzip?
John Galt wrote:

> On Wed, 21 Nov 2001, Guillaume Morin wrote:
> > In a message of 20 Nov at 23:33, Anders Gjære wrote:
> > > in gzip.c the line:
> > >     strcpy(nbuf,dir);
> > > should maybe be replaced with:
> > >     strncpy(nbuf, dir,sizeof(nbuf));
> >
> > gzip runs with user privileges, therefore this is not a security problem.
>
> gzip is in vuln-dev for a buffer overflow in the argv handler. Debian is apparently invulnerable, but it's a good thing to do everything we can to figure out more bugs in the flavor-of-the-month exploit target before the black hats do.

I second this. One thing I think is quite important is to get rid of calls to routines that it is possible to buffer overflow. OpenBSD has a feature in their version of gcc that will cause a compile time error message telling you when one of the standard library routines known to be overflowable is used. I'd love to see all open source software put through that check. It doesn't need to be an error output, but at least a warning would be good. At this point it needs to be switchable and not mandatory. This is due to the volume of code that would need to be changed.

--
| Bryan Andersen | [EMAIL PROTECTED] | http://www.nerdvest.com |
| Buzzwords are like annoying little flies that deserve to be swatted. |
| -Bryan Andersen |
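
The strncpy() behaviour discussed in this thread, as an added example that is not part of any of the original messages and is not gzip's code: `strncpy(nbuf, dir, sizeof(nbuf))` leaves `nbuf` without a terminator whenever `strlen(dir) >= sizeof(nbuf)`, and the `dst[len] = '\0'` construction is only in bounds when `dst` holds at least `len + 1` bytes. The helper names `copy_str` and `join_path` are hypothetical; `nbuf` and `dir` only mirror the names in the quoted line.

```c
#include <stdio.h>
#include <string.h>

/* Shows the pitfall: returns 1 if strncpy(buf, src, n) wrote a NUL within
   the first n bytes, 0 if it did not, -1 if n exceeds the scratch buffer. */
int terminated_after_strncpy(const char *src, size_t n)
{
    char buf[32];
    if (n > sizeof buf)
        return -1;
    memset(buf, 'X', sizeof buf);   /* poison so a missing NUL is visible */
    strncpy(buf, src, n);
    return memchr(buf, '\0', n) != NULL;
}

/* A copy that "behaves more sensibly": dst always ends up NUL-terminated,
   and the caller is told when the source did not fit.
   Returns 0 = copied whole, 1 = truncated, -1 = no usable destination. */
int copy_str(char *dst, size_t dstsz, const char *src)
{
    size_t n;
    if (dst == NULL || dstsz == 0)
        return -1;
    if (src == NULL) {
        dst[0] = '\0';
        return -1;
    }
    n = strlen(src);
    if (n >= dstsz) {
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, n + 1);        /* includes the terminator */
    return 0;
}

/* For file names, a silently shortened string names a different file, so
   truncation is reported as an error and the buffer is emptied.
   Returns 0 on success, -1 if dir/name does not fit in nbuf. */
int join_path(char *nbuf, size_t nbufsz, const char *dir, const char *name)
{
    int n = snprintf(nbuf, nbufsz, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= nbufsz) {
        if (nbufsz > 0)
            nbuf[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char small[8];
    char path[16];

    printf("strncpy, 8 chars into 8 bytes, terminated: %d\n",
           terminated_after_strncpy("12345678", 8));
    printf("strncpy, 7 chars into 8 bytes, terminated: %d\n",
           terminated_after_strncpy("1234567", 8));

    printf("copy_str returned %d, buffer holds \"%s\"\n",
           copy_str(small, sizeof small, "12345678"), small);

    printf("join_path short: %d\n",
           join_path(path, sizeof path, "/tmp", "file.gz"));
    printf("join_path long:  %d\n",
           join_path(path, sizeof path, "/a/very/long/directory", "file.gz"));
    return 0;
}
```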
Re: In Praise of Dos (RE: Mutt tmp files)
On Tue, 20 Nov 2001 22:25:36 -0600 Nathan E Norman Nathan wrote:

> On Tue, Nov 20, 2001 at 12:01:32PM -0800, J C Lawrence wrote:
> > Mail-Followup-To is a non-standard, un-RFC documented, generally unsupported header.
>
> The guy is using mutt. mutt supports M-F-T. You figure it out.

Which ignores the fact that several commonly used MTAs strip such headers.

> M-F-T is generally used on debian mailing lists.

Used (in terms of being placed in messages) and used in terms of honoured by recipients are two very different things.

--
J C Lawrence
-(*) Satan, oscillate my metallic sonatas.
[EMAIL PROTECTED] He lived as a devil, eh?
http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
Re: MTAs
On the other hand, if exim is run from inetd (as I do), does it still need to be suid root? Since inetd runs root anyway, there should well this is not a problem. (x)inet works by using stdin/stdout rather than network ports. This is why you have to tell whatever service you are superserving its being run from (x)inet. Hence you do not need to have root privilages as no ports are being opened, even if they were there would be an error as the os says sorry port already claimed or words to that effect. Please quote only the relevant part of the message you reply to. I do not know which part of my message you replied to since you quoted it all. There was only one question, though and I left that double quoted. Assuming you replied to this part, what do you mean by it being no problem? Exim running as root is no problem? Of course it is if it is not necessary to run! Programs should never (or at least as infrequently as possible) have extra priviledges. And even though inetd may be invulnerable to some exploit, exim may still be. Running exim from inetd does not prevent exploits from being exploited. The only things I can see we gain from using inetd are 1) there is only one daemon running (less memory consumed) and 2) only inetd _needs_ setuid root. If the communication between exim and inetd works fine without exim being suid root, then it should be possible to remove the bit from exim. Now my original question was: does it (exim) still need to be suid root? And the question still remains and depends (solely?) on whether it still can communicate with inetd. Inetd runs exim with mail's priviledges so giving mail access to any necessary directories is enough for exim to function - unless there are issues with the permissions of /var/spool/mail/insert your favourite username here. Now another question: are there? -- --- | Juha Jäykkä, [EMAIL PROTECTED]| | home: http://www.utu.fi/~juolja/ | ---
Re: MTAs
On Wed, Nov 21, 2001 at 12:56:53PM +0200, Juha J?ykk? wrote: On the other hand, if exim is run from inetd (as I do), does it still need to be suid root? Since inetd runs root anyway, there should bit from exim. Now my original question was: does it (exim) still need to be suid root? And the question still remains and depends (solely?) on whether it still can communicate with inetd. Inetd runs exim with I would assume no setuid-root exim is needed for it to communicate with inetd. mail's priviledges so giving mail access to any necessary directories is enough for exim to function - unless there are issues with the permissions of /var/spool/mail/insert your favourite username here. Now another question: are there? As long as /var/spool/mail/* is writable/owned by the 'mail' user I do not see a problem here. Also check /var/spool/mqueue... if also using outgoing e-mail -- Mark Janssen Unix Consultant @ SyConOS IT E-mail: [EMAIL PROTECTED] GnuPG Key Id: 357D2178 http: maniac.nl, unix-god.[net|org], markjanssen.[com|net|org|nl]
Re: MTAs
mail's priviledges so giving mail access to any necessary directories is enough for exim to function - unless there are issues with the permissions of /var/spool/mail/insert your favourite username here. Now another question: are there? As long as /var/spool/mail/* is writable/owned by the 'mail' user I do not see a problem here. Also check /var/spool/mqueue... if also using outgoing e-mail Well, lets try it shall we: [EMAIL PROTECTED] ~] cd /usr/sbin [EMAIL PROTECTED] sbin] su Password: [marge /usr/sbin]# ls -l exim -rwsr-xr-x1 root mail 430740 Jun 9 07:21 exim [marge /usr/sbin]# chmod 2755 exim [marge /usr/sbin]# ls -l exim -rwxr-sr-x1 root mail 430740 Jun 9 07:21 exim [marge /usr/sbin]# exit exit [EMAIL PROTECTED] sbin] mail paul Subject: Test Does this work? . Cc: [EMAIL PROTECTED] sbin] 2001-11-21 22:41:42 166Vl8-00017q-00 = [EMAIL PROTECTED] U=paul P=local S=327 2001-11-21 22:41:42 166Vl8-00017q-00 Unable to get root to set uid and gid for local delivery to paul: uid=1000 euid=1000 2001-11-21 22:41:42 166Vl8-00017q-00 Unable to get root to set uid and gid for local delivery to paul: uid=1000 euid=1000 It appears there is a problem, although arguably in the implementation. Source code anyone? -- Paul Haesler[EMAIL PROTECTED] ICQ: 124547085
Debian packages signed?
I had recently a discussion regarding Debian package signing and automaticly downloading checking packages signatures (i.e. using debsig-verify) However, I see now that the default /etc/dpkg/dpkg.conf ships with no-debsig by default and users are not currently (correct me if it does) checking signatures in any way. Since developer's signatures cannot be used (they get stripped of after uploading and using them would require to have the keyring always uptodate) is there any way we can provide package signing. What does debsig currently do (if anything)? In a discussion between some Debian developers, regarding how a package signing scheme could work in Debian, we came out with the following (due to the problem of the updated keyring above) 1.- Packages.gz which contains the md5sums of packages is signed (we already do this, but through the Release file which includes the md5sums of many files, including Packages.gz but is not that direct). The signature is one that is permanently on the keyring and has been for some time, it could be that of a person in Debian (developer for quite some time, Project Leader, you name it) or of a group (QA?) 2.- This signed Packages.gz is downloaded by 'apt-get update' and stored in the HD along with Packages.gz 3.- When a package is going to be installed, it is first downloaded and generated the md5sum 4.- The Packages.gz.gpg is checked (signature ok) and it extracts from it the md5sum for the downloaded package (this avoids tampering of files in the local system) 5.- if we have the same md5sum install otherwise warn and leave in cache (so the user can install w/o signatures). If the package is not in the Packages.gz and the user wants signatures warn and do not install either. Does this scheme seem possible? How far is it from what debsig-verify intends to do? (I would appreciate here since this is an issue I would like to document clearly, including a roadmap in the Securing Debian Manual) Regards Javi
Re: buffer overflow in /bin/gzip?
On Wed, Nov 21, 2001 at 12:47:49AM -0600, Bryan Andersen wrote: On thing I think is quite important is to get rid of calls to routines that it is possible to buffer overflow. OpenBSD has a feature in their version of gcc that will cause a compile time error message telling you when one of the standard library routines known to be overflowable is used. I hope strcpy() does not belong to this class. It's quite common to do something like this: int len = strlen(s); char *new = (char *) malloc(len + 1); strcpy(new, s); This is perfectly fine. strncpy() is even more dangerous, since it doesn't add a final nul-byte if strlen(src) n. Most people are not aware of this problem. So, most of the time you use strncpy() you should use a construction like this: strncpy(dst, src, len); dst[len] = '\0'; - Sebastian
Mail-server config
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi @all, I plan to install a mailserver for ca. 800 users, now I planned to make 800 users with shell /bin/bash, home /dev/nul,... So, I ask you ;)), if this is a good solution, to make 800 UNIX-users for a mailserver and if not what's the best solution (security reason) Thnx, Weissi -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7+8mf3lkVkvL9FpcRAsDDAJ4nVFnmwga1X4dPolc0qzKWfMlikwCdHCtw 9+ChkwPZOMa6RoBT/+9E51s= =Vgb5 -END PGP SIGNATURE-
Re: Mail-server config
Johannes Weiss ([EMAIL PROTECTED]) wrote: Hi @all, I plan to install a mailserver for ca. 800 users, now I planned to make 800 users with shell /bin/bash, home /dev/nul,... So, I ask you ;)), if this is a good solution, to make 800 UNIX-users for a mailserver and if not what's the best solution (security reason) Consider the cyrus-packages. - Rolf
Re: Mail-server config
Thus spake Johannes Weiss ([EMAIL PROTECTED]): I plan to install a mailserver for ca. 800 users, now I planned to make 800 users with shell /bin/bash, home /dev/nul,... So, I ask you ;)), if this is a good solution, to make 800 UNIX-users for a mailserver and if not what's the best solution (security reason) Have a look at Cyrus IMAP. It's designed for POP3/IMAP for non-shell users, i.e. a closed-box system. the authentication _can_ be /etc/passwd-based, but typically you use a separate DB file to store the login info. -- Justin R. Miller [EMAIL PROTECTED] PGP/GnuPG Key ID 0xC9C40C31 (preferred) pgpFCAIgboMkR.pgp Description: PGP signature
Re: MTAs
On Wed, Nov 21, 2001 at 10:45:24PM +1000, Paul Haesler wrote: snip . Cc: [EMAIL PROTECTED] sbin] 2001-11-21 22:41:42 166Vl8-00017q-00 = [EMAIL PROTECTED] U=paul P=local S=327 2001-11-21 22:41:42 166Vl8-00017q-00 Unable to get root to set uid and gid for local delivery to paul: uid=1000 euid=1000 2001-11-21 22:41:42 166Vl8-00017q-00 Unable to get root to set uid and gid for local delivery to paul: uid=1000 euid=1000 It appears there is a problem, although arguably in the implementation. Source code anyone? -- Paul Haesler[EMAIL PROTECTED] ICQ: 124547085 There is some description of the setuid'ism in the exim manual - chapter 55. My quick scan of it revealed that setuid root is used for: - setting up a listening socked on port 25 (not required when run from inetd) - local deliveries (=writing to /var/mail ?) - reading .forward files (NFS considerations + .forward need not be world-readable and I wouldn't be surprised that setuid is required for running .procmailrc's too Hope this helps Cautionary note: No: I haven't read the source code. -- Karl E. Jørgensen [EMAIL PROTECTED] www.karl.jorgensen.com One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpzm8M6GwguZ.pgp Description: PGP signature
Re: Mail-server config
On Wed, Nov 21, 2001 at 10:51:57AM -0500, Justin R. Miller wrote:

> Thus spake Johannes Weiss ([EMAIL PROTECTED]):
> > I plan to install a mailserver for ca. 800 users, now I planned to
>
> Have a look at Cyrus IMAP. It's designed for POP3/IMAP for non-shell
> users, i.e. a closed-box system. The authentication _can_ be
> /etc/passwd-based, but typically you use a separate DB file to store the
> login info.

Also note that the Debian packages for Cyrus are old, from a branch that is not being developed any more. I think your best bet is to download the source and compile your own. That's what I'm doing for a family-and-friends mailserver. I might come up with a .deb for my own use, but don't hold your breath... There is a wishlist bug for 2.x.

This is getting off topic.

-sami.

-- 
...you want a .sig with that?
Re: buffer overflow in /bin/gzip?
On Wed, Nov 21, 2001 at 08:29:09AM +0100, Sebastian Rittau wrote:

> I hope strcpy() does not belong to this class. It's quite common to do
> something like this:
>
>   int len = strlen(s);
>   char *new = (char *) malloc(len + 1);
>   strcpy(new, s);
>
> This is perfectly fine.

Albeit silly; you mean strdup()

> strncpy() is even more dangerous, since it doesn't add a final nul-byte
> if strlen(src) n. Most people are not aware of this problem. So, most of
> the time you use strncpy() you should use a construction like this:
>
>   strncpy(dst, src, len);
>   dst[len] = '\0';
>
> Or use your own version of strncpy() which behaves more sensibly.

This is my preference.

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ | Dept. of Computing,
 `. `'                          | Imperial College,
   `-             --            | London, UK
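Added example, not part of the original message or thread: strncpy() writes no terminator when the source is at least as long as the count, and the copy_str() helper below is one hypothetical shape for the "own version of strncpy()" mentioned above. The function names and the sample strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the thread): copy src into dst, which has
 * room for dstsz bytes including the terminator. Whenever it copies, the
 * result is NUL-terminated. Returns 0 if src fit, -1 if it was truncated
 * or the arguments are unusable. */
int copy_str(char *dst, size_t dstsz, const char *src)
{
    size_t len;

    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    len = strlen(src);
    if (len >= dstsz) {
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return -1;              /* caller must treat truncation as an error */
    }
    memcpy(dst, src, len + 1);  /* len + 1 includes the terminator */
    return 0;
}

/* Returns 1 if buf holds a NUL within its first n bytes, else 0. */
int is_terminated(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

/* The strncpy() behaviour discussed above, on a constructed input: an
 * 8-character source copied with n == 8 leaves dst without a terminator. */
int strncpy_leaves_unterminated(void)
{
    char dst[8];

    memset(dst, 'X', sizeof dst);
    strncpy(dst, "ABCDEFGH", sizeof dst);   /* strlen(src) == n */
    return !is_terminated(dst, sizeof dst);
}

int main(void)
{
    char buf[8];
    int rc = copy_str(buf, sizeof buf, "ABCDEFGH");

    printf("strncpy left dst unterminated: %d\n", strncpy_leaves_unterminated());
    printf("copy_str returned %d, buf = \"%s\"\n", rc, buf);
    return 0;
}
```

Returning -1 on truncation lets the caller reject over-long input instead of silently processing a shortened string.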
LPRNG vulnerability [was Re: weird messages in syslog]
SaDIKuZboy [EMAIL PROTECTED]

| it could be something as a backdoor or an arbitrary service ... try
| to : cron -l it shows u a table with binary called to be run,
| report it and let's see what's there :o)

Thanks for your help. Maybe you meant crontab -l? But I'm pretty certain in any case that the garbage in my syslog file does not reflect the activity of any cron-job. There's nothing remotely resembling it anywhere else in the logs. I've been through /etc/cron.daily weekly and monthly, and there is nothing in those scripts, as far as I can tell, that would produce the kind of output I have.

Kelley, Tim (CBS-New Orleans) [EMAIL PROTECTED] wrote:

| looks like a buffer overflow attempt to me ... look at your
| security

I'm sure it is. There is a buffer-overflow advisory against lprng. Local and remote users can send string-formatting operators to the printer daemon to corrupt the daemon's execution, potentially gaining root access. The messages in my syslog are close to identical to those reported at:

http://ciac.llnl.gov/ciac/bulletins/l-025.shtml

But the warnings I have seen all refer to versions prior to 3.6.26, and they all report the problem as fixed in versions since then. I have the version from debian testing which is 3.8.0 (it's the same in unstable).

I've not had to deal with such an exploit before, so I would really appreciate any advice that's going. I've stopped the lprng daemon for now, until I can tighten things up.

Thank you in advance,
Jim
Re: Mail-server config
On Wed, Nov 21, 2001 at 04:34:46PM +0100, Johannes Weiss wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi @all,
> I plan to install a mailserver for ca. 800 users, now I planned to make
> 800 users with shell /bin/bash, home /dev/nul,...
> So, I ask you ;)), if this is a good solution, to make 800 UNIX-users
> for a mailserver and if not what's the best solution (security reason)

Most modern MTAs have support for some sort of non-system based user database (LDAP etc.). I know postfix has support for virtual maps and such, see www.postfix.org http://kummefryser.dk/HOWTO/mail/postfix_mysql.html. You would then need to find an imap/pop server that could use the same thing. This would be much easier to maintain securely.

-- 
Share and Enjoy.
Re: buffer overflow in /bin/gzip?
Andrew Suffield [EMAIL PROTECTED] writes:

> Albeit silly; you mean strdup()

Unless you're restricted to C89.

-- 
Alan Shutko [EMAIL PROTECTED] - In a variety of flavors!
Style may not be the answer, but at least it's a workable alternative.
Re: Mutt tmp files
On Thu, Nov 15, 2001 at 07:41:35PM +, sober wrote:

> if it's to unsecure u have 2 ways:
> - choose another emailprogramm where u don't know the risk that root can
>   read the mails
> - write them direct on ur smtp server ...
>
> btw: root of ur mailserver can read ur incoming mails too !
>
> // jens

I was just thinking that the only way to do it is to write and compose the email and encrypt it on another machine and then simply send it straight to the SMTP server on the machine you want to use - a telnet session to port 25 is easy to achieve this by - SMTP is an easy protocol to learn.

just my 2p

-- 
Matthew Sackman
Nottingham, ENGLAND
Re: Mail-server config
[EMAIL PROTECTED] (Sami Juvonen) writes:

> Also note that the Debian packages for Cyrus are old, from a branch that
> is not being developed any more. I think your best bet is to download
> the source and compile your own. That's what I'm doing for a
> family-and-friends mailserver. I might come up with a .deb for my own
> use, but don't hold your breath...

No need for it :)

http://people.debian.org/~hmh/cyrus2/

-- 
begin OjE-ist-scheisse.txt
bye, Joerg
Registered Linux User #97793 @ http://counter.li.org
end