And it is impossible for slocal to ever be used as the mail delivery
agent (the way procmail can be, for example) - so it gets run as root, but
told which user it is to deliver the mail for ?
Good point: I restored the setuid/setgid to slocal and added
checks of the return values.
So, I
Date: Mon, 03 Feb 2014 11:57:02 -0500
From: Ken Hornstein k...@pobox.com
Message-ID: 201402031657.s13gv2tu029...@hedwig.cmf.nrl.navy.mil
| So, I missed this point the first time around. slocal is designed to
| be run from a .forward file, right?
That would be
Hi,
There are a few setuid/setgid calls remaining in nmh. They're
of three types. Using setuid as an example and not showing the
setgid analogues:
1) setuid(getuid());
This drops privileges before an exec and is normally a good
thing. Except here, the return value isn't checked. And, we
David Levine wrote:
...
As far as I know, those conditions don't apply to any platform
that we might actively support, including:
Linux, Cygwin, AIX: use fcntl (by default)
FreeBSD, OpenBSD, Mac OS X: use flock (by default)
Solaris: has world-writable mail spool
Users on
Lyndon wrote:
I would prefer to leave that bit of code in place. Presumably we
can still build and run on older systems that still need this. It's
a simple little snippet of code that's harmless even if left in
unconditionally.
OK.
David
Date: Sun, 02 Feb 2014 10:58:30 -0500
From: David Levine levin...@acm.org
Message-ID: 21266-1391356710.058...@pwcr.arvw.l24H
| 2) if (geteuid() == 0) setuid(pw->pw_uid);
|
| This would be a security hole if the executable was setuid root
| because the user
Robert wrote:
And it is impossible for slocal to ever be used as the mail delivery
agent (the way procmail can be, for example) - so it gets run as root, but
told which user it is to deliver the mail for ?
Good point: I restored the setuid/setgid to slocal and added
checks of the return