| 1 |
On Wednesday 20 July 2005 07:04, Robin H. Johnson wrote: |
| 2 |
> For common operation of qmail-smtpd, vchkpw is NOT required. SMTP |
| 3 |
> AUTH is the only reason qmail-smtpd would call vchkpw. |
| 4 |
|
| 5 |
True. Sorry for not realizing that. |
| 6 |
|
| 7 |
> chsh has also been vetted for security problems a LOT more |
| 8 |
> closely than vchkpw. I don't trust vchkpw with suid-root. |
| 9 |
|
| 10 |
Then use suidctl? |
| 11 |
|
| 12 |
> The postfix maintainers were asked about it once before, and the |
| 13 |
> answer was that there wasn't enough demand for it. You're only |
| 14 |
> the second person that's asked (that I am aware of). |
| 15 |
|
| 16 |
...and I'm not actually asking for it, though it would be nice to be |
| 17 |
in the ebuild just for the sake of completeness. I don't actually |
| 18 |
know anybody who uses postfix+vpopmail on the vpopmail list. |
| 19 |
|
| 20 |
> This is decidedly not a good idea, unless vchkpw gets locked up |
| 21 |
> more so that only specific things can run it (otherwise it can |
| 22 |
> easily be used to brute-force passwords). |
| 23 |
|
| 24 |
True. Would the best way to do that be to only give the vpopmail |
| 25 |
group execute access to vchkpw, and then add qmail-smtpd to that |
| 26 |
group, but still have vchkpw suid? |
| 27 |
|
| 28 |
It seems that su could be easily used to brute-force passwords, too, |
| 29 |
but it's suid by default. |
| 30 |
|
| 31 |
Maybe what is needed is an extension to suidctl where emerge checks |
| 32 |
any installed binaries against things present in suidctl.conf that |
| 33 |
*should* be made suid if they're listed in there even if they're |
| 34 |
not suid by default? |
| 35 |
|
| 36 |
Cheers, |
| 37 |
-- |
| 38 |
Casey Allen Shobe | http://casey.shobe.info |
| 39 |
cshobe@×××××××××××××.com | cell 425-443-4653 |
| 40 |
AIM & Yahoo: SomeLinuxGuy | ICQ: 1494523 |
| 41 |
SeattleServer.com, Inc. | http://www.seattleserver.com |
| 42 |
-- |
| 43 |
gentoo-dev@g.o mailing list |
Archives