From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.43) id 1DvOxf-0005if-62 for garchives@archives.gentoo.org; Thu, 21 Jul 2005 00:30:51 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j6L0U1lq015235; Thu, 21 Jul 2005 00:30:01 GMT Received: from spieden.seattleserver.com (spieden.seattleserver.com [216.57.201.54]) by robin.gentoo.org (8.13.4/8.13.4) with ESMTP id j6L0SMit012797 for ; Thu, 21 Jul 2005 00:28:23 GMT Received: (qmail 4843 invoked from network); 21 Jul 2005 00:27:43 +0000 Received: from pool-71-112-242-39.sttlwa.dsl-w.verizon.net (HELO akureyri.seattleserver.com) (cshobe@seattleserver.com@71.112.242.39) by spieden.seattleserver.com with RC4-MD5 encrypted SMTP; 21 Jul 2005 00:27:43 +0000 From: Casey Allen Shobe Organization: SeattleServer.com, Inc. To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] VPopmail - SUID vchkpw Date: Thu, 21 Jul 2005 00:28:31 +0000 User-Agent: KMail/1.8.1 References: <200507200132.30745.lists@seattleserver.com> <200507200537.19793.lists@seattleserver.com> <20050720070457.GC11608@curie-int.orbis-terrarum.net> In-Reply-To: <20050720070457.GC11608@curie-int.orbis-terrarum.net> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200507210028.31476.lists@seattleserver.com> X-Archives-Salt: c8a43215-743c-4cb9-b53f-424f375b0803 X-Archives-Hash: 9f0f98a98ffc114997eac65f80978bab On Wednesday 20 July 2005 07:04, Robin H. Johnson wrote: > For common operation of qmail-smtpd, vchkpw is NOT required. SMTP > AUTH is the only reason qmail-smtpd would call vchkpw. True. Sorry for not realizing that. > chsh has also been vetted for security problems a LOT more > closely than vchkpw. I don't trust vchkpw with suid-root. Then use suidctl? > The postfix maintainers were asked about it once before, and the > answer was that there wasn't enough demand for it. You're only > the second person that's asked (that I am aware of). ...and I'm not actually asking for it, though it would be nice to be in the ebuild just for the sake of completeness. I don't actually know anybody who uses postfix+vpopmail on the vpopmail list. > This is decidedly not a good idea, unless vchkpw gets locked up > more so that only specific things can run it (otherwise it can > easily be used to brute-force passwords). True. Would the best way to do that be to only give the vpopmail group execute access to vchkpw, and then add qmail-smtpd to that group, but still have vchkpw suid? It seems that su could be easily used to brute-force passwords, too, but it's suid by default. Maybe what is needed is an extension to suidctl where emerge checks any installed binaries against things present in suidctl.conf that *should* be made suid if they're listed in there even if they're not suid by default? Cheers, -- Casey Allen Shobe | http://casey.shobe.info cshobe@seattleserver.com | cell 425-443-4653 AIM & Yahoo: SomeLinuxGuy | ICQ: 1494523 SeattleServer.com, Inc. | http://www.seattleserver.com -- gentoo-dev@gentoo.org mailing list