Re: [Dovecot] Security issue #5: mail_extra_groups setting is often used insecurely
Timo Sirainen wrote:
>>> 2a) mbox: Any files/directories under mail group-writable directories can be created/deleted/renamed by symlinking the directory under ~/mail/. For example ln -s /var/mail ~/mail/var, DELETE var/root will happily delete root's mailbox. This I hadn't thought about before.
>>
>> Not if /var/mail is set sticky, which is the case on all good modern Unix systems:
>
> Right. That's why it was included in the workarounds. :) Anyway I also thought that /var/mail would be sticky in at least some systems. I couldn't find a single one. CentOS 5, Debian, FreeBSD 6.2, Solaris 10 none have it sticky by default.

All our Debian Sarge and Etch systems (with Sendmail and procmail packages) have /var/mail sticky by default, we didn't modify it ourselves.
Re: [Dovecot] Security issue #5: mail_extra_groups setting is often used insecurely
On Tue, 2008-03-04 at 13:42 +0100, Benoit Branciard wrote:
> Timo Sirainen wrote:
>>>> 2a) mbox: Any files/directories under mail group-writable directories can be created/deleted/renamed by symlinking the directory under ~/mail/. For example ln -s /var/mail ~/mail/var, DELETE var/root will happily delete root's mailbox. This I hadn't thought about before.
>>>
>>> Not if /var/mail is set sticky, which is the case on all good modern Unix systems:
>>
>> Right. That's why it was included in the workarounds. :) Anyway I also thought that /var/mail would be sticky in at least some systems. I couldn't find a single one. CentOS 5, Debian, FreeBSD 6.2, Solaris 10 none have it sticky by default.
>
> All our Debian Sarge and Etch systems (with Sendmail and procmail packages) have /var/mail sticky by default, we didn't modify it ourselves.

My test Debian image came from debian-40r1-amd64-businesscard.iso and it had no MTA installed. After installing Exim /var/mail still wasn't sticky. After installing sendmail-bin it got sticky.
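Added example, not part of the original thread: a Python check for the two conditions discussed in the messages above, namely whether a spool directory is writable without the sticky bit, and whether a mail directory holds symlinks that resolve outside it. The function names and the paths in the `__main__` section are assumptions for illustration.

```python
import os
import stat


def spool_dir_risk(path):
    """Classify a spool directory (e.g. /var/mail) by who may remove entries.

    "restricted":   neither group nor others can write to it.
    "sticky":       writable, but the sticky bit limits delete/rename to the
                    entry's owner, the directory's owner or root.
    "unrestricted": any process holding the writing group (or anyone, if it
                    is world-writable) can create, delete or rename entries.
    """
    mode = os.stat(path).st_mode
    if not stat.S_ISDIR(mode):
        raise NotADirectoryError(path)
    if not mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "restricted"
    return "sticky" if mode & stat.S_ISVTX else "unrestricted"


def escaping_symlinks(mail_root):
    """List (link, resolved_target) for symlinks under mail_root that resolve
    to a directory outside it, like ~/mail/var -> /var/mail in the thread."""
    root = os.path.realpath(mail_root)
    found = []
    # With followlinks=False, symlinks to directories are still listed in
    # dirnames but are not descended into.
    for dirpath, dirnames, _files in os.walk(mail_root, followlinks=False):
        for name in dirnames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            target = os.path.realpath(link)
            if os.path.isdir(target) and os.path.commonpath([root, target]) != root:
                found.append((link, target))
    return found


if __name__ == "__main__":
    # Assumed paths; adjust to the local spool and mail directory layout.
    for spool in ("/var/mail", "/var/spool/mail"):
        if os.path.isdir(spool):
            print(spool, spool_dir_risk(spool))
    for link, target in escaping_symlinks(os.path.expanduser("~/mail")):
        print("symlink leaves mail root:", link, "->", target)
```

A result of "sticky" still allows file creation in the spool by the writing group; it only narrows who can delete or rename existing entries.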
Re: [Dovecot] Security issue #5: mail_extra_groups setting is often used insecurely
On Wed, 2008-03-05 at 00:29 +0200, Timo Sirainen wrote:
>>> a) Upgrade to v1.0.11 and use the new mail_privileged_group setting instead of mail_extra_groups.
>>
>> We tried this but now the mail.log has a number of lines:
>> « dovecot: IMAP(someuser): open(/var/mail/.temp.) failed: Permission denied »
>
> Oh, this is actually harmless. You can get rid of it (and improve the performance) by setting dotlock_use_excl=yes. But maybe I should release v1.0.12 anyway with that error message silenced..

You mean seeing that error message only is actually not an error, because the next locking method just works?

In that case, great -- I'll go change dotlock_use_excl, revert the scary option (b) of chmod world-writable, and see how it works out. Not using NFS anyway.

guenther
Re: [Dovecot] Security issue #5: mail_extra_groups setting is often used insecurely
On Tue, 2008-03-04 at 23:41 +0100, Karsten Bräckelmann wrote:
> On Wed, 2008-03-05 at 00:29 +0200, Timo Sirainen wrote:
>>>> a) Upgrade to v1.0.11 and use the new mail_privileged_group setting instead of mail_extra_groups.
>>>
>>> We tried this but now the mail.log has a number of lines:
>>> « dovecot: IMAP(someuser): open(/var/mail/.temp.) failed: Permission denied »
>>
>> Oh, this is actually harmless. You can get rid of it (and improve the performance) by setting dotlock_use_excl=yes. But maybe I should release v1.0.12 anyway with that error message silenced..
>
> You mean seeing that error message only is actually not an error, because the next locking method just works?

Right. Also fixed it now: http://hg.dovecot.org/dovecot-1.0/rev/a9ac53bc191b

> In that case, great -- I'll go change dotlock_use_excl, revert the scary option (b) of chmod world-writable, and see how it works out. Not using NFS anyway.

dotlock_use_excl=yes works also in all modern NFS systems. I doubt anyone is still using NFSv2. This setting is now default in v1.1.
Re: [Dovecot] Security issue #5: mail_extra_groups setting is often used insecurely
On Tue, 2008-03-04 at 23:41 +0100, Karsten Bräckelmann wrote:
> On Wed, 2008-03-05 at 00:29 +0200, Timo Sirainen wrote:
>> Oh, this is actually harmless. You can get rid of it (and improve the performance) by setting dotlock_use_excl=yes. But maybe I should release v1.0.12 anyway with that error message silenced..
>
> You mean seeing that error message only is actually not an error, because the next locking method just works?
>
> In that case, great -- I'll go change dotlock_use_excl, revert the scary option (b) of chmod world-writable, and see how it works out. Not using NFS anyway.

Seems it did the trick, judging by some quick tests. :)

guenther