[SM-USERS] setuid on in squirrelmail 1.4.2-1

[Douglas Campbell]

Message: 1
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Date: Mon, 5 Jan 2004 13:58:04 -0500
Subject: [SM-USERS] Why is the group SUID bit set on 1.4.2?
This would appear to be a security risk.  I don't see any reason for it and 
1.4.1 didn't have this set.

Is this required, or was someone being naughty?

Please reply directly.

-Szii


I also noticed this a few days ago.  I am using squirrelmail 1.4.2-1, downloaded 
from squirrelmail.org site; I am
running it under RedHat 8.0 with all patches applied.  The previous version of 
squirrelmail was deleted prior to
installing this one.
Here is a sample directory listing, in response to someone's post in reply to the 
above.  It appears that the
directories are the only things affected in my case.  I installed it as root; should I 
change ownership?
-- Doug

[EMAIL PROTECTED] /]$ cd /usr/share/squirrelmail
[EMAIL PROTECTED] squirrelmail]$ ls -al
total 52
drwxr-xr-x   12 root     root         4096 Nov 21 21:40 .
drwxr-xr-x  200 root     root         4096 Oct 10 00:14 ..
drwxr-sr-x    5 root     root         4096 Nov 21 21:40 class
drwxr-xr-x    2 root     root         4096 Nov 21 21:40 config
drwxr-sr-x    2 root     root         4096 Nov 21 21:40 functions
drwxr-sr-x   28 root     root         4096 Nov 21 21:40 help
drwxr-sr-x    2 root     root         4096 Nov 21 21:40 images
drwxr-sr-x    3 root     root         4096 Nov 21 21:40 include
-rw-r--r--    1 root     root          338 Oct  1 18:41 index.php
drwxr-sr-x   43 root     root         4096 Nov 21 21:40 locale
drwxr-sr-x   18 root     root         4096 Nov 21 21:40 plugins
drwxr-sr-x    2 root     root         4096 Nov 21 21:40 src
drwxr-sr-x    3 root     root         4096 Nov 21 21:40 themes
[EMAIL PROTECTED] squirrelmail]$ ls -al class
total 32
drwxr-sr-x    5 root     root         4096 Nov 21 21:40 .
drwxr-xr-x   12 root     root         4096 Nov 21 21:40 ..
drwxr-sr-x    2 root     root         4096 Nov 21 21:50 deliver
drwxr-sr-x    2 root     root         4096 Nov 21 21:40 helper
-rw-r--r--    1 root     root         4074 Dec 31  2002 html.class.php
-rw-r--r--    1 root     root          466 Dec 31  2002 index.php
drwxr-sr-x    2 root     root         4096 Nov 21 21:40 mime
-rw-r--r--    1 root     root          765 Dec 31  2002 mime.class.php
[EMAIL PROTECTED] squirrelmail]$


-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
--
squirrelmail-users mailing list
List Address: [EMAIL PROTECTED]
List Archives:  http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users