1 |
On Wednesday 20 July 2005 07:04, Robin H. Johnson wrote: |
2 |
> For common operation of qmail-smtpd, vchkpw is NOT required. SMTP |
3 |
> AUTH is the only reason qmail-smtpd would call vchkpw. |
4 |
|
5 |
True. Sorry for not realizing that. |
6 |
|
7 |
> chsh has also been vetted for security problems a LOT more |
8 |
> closely than vchkpw. I don't trust vchkpw with suid-root. |
9 |
|
10 |
Then use suidctl? |
11 |
|
12 |
> The postfix maintainers were asked about it once before, and the |
13 |
> answer was that there wasn't enough demand for it. You're only |
14 |
> the second person that's asked (that I am aware of). |
15 |
|
16 |
...and I'm not actually asking for it, though it would be nice to be |
17 |
in the ebuild just for the sake of completeness. I don't actually |
18 |
know anybody who uses postfix+vpopmail on the vpopmail list. |
19 |
|
20 |
> This is decidedly not a good idea, unless vchkpw gets locked up |
21 |
> more so that only specific things can run it (otherwise it can |
22 |
> easily be used to brute-force passwords). |
23 |
|
24 |
True. Would the best way to do that be to only give the vpopmail |
25 |
group execute access to vchkpw, and then add qmail-smtpd to that |
26 |
group, but still have vchkpw suid? |
27 |
|
28 |
It seems that su could be easily used to brute-force passwords, too, |
29 |
but it's suid by default. |
30 |
|
31 |
Maybe what is needed is an extension to suidctl where emerge checks |
32 |
any installed binaries against things present in suidctl.conf that |
33 |
*should* be made suid if they're listed in there even if they're |
34 |
not suid by default? |
35 |
|
36 |
Cheers, |
37 |
-- |
38 |
Casey Allen Shobe | http://casey.shobe.info |
39 |
cshobe@×××××××××××××.com | cell 425-443-4653 |
40 |
AIM & Yahoo: SomeLinuxGuy | ICQ: 1494523 |
41 |
SeattleServer.com, Inc. | http://www.seattleserver.com |
42 |
-- |
43 |
gentoo-dev@g.o mailing list |