List Archive: gentoo-hardened
Hey guys, I was attempting to write a plugin for my qmail-spp enabled
netqmail package when I ran into the following issue...
hackdmz control # nc localhost 25
220 hackdmz.net ESMTP
ehlo test
250-hackdmz.net
250-STARTTLS
250-PIPELINING
250-8BITMIME
250-SIZE 0
250 AUTH LOGIN PLAIN
mail from test@...
250 ok
rcpt to test@...
451 qmail-spp failure: plugins/validuser.pl: can't execute (#4.3.0)
This shows up in dmesg
grsec: From ***.***.***.***: denied untrusted exec of
/var/qmail/plugins/validuser.pl by
/var/qmail/bin/qmail-smtpd[qmail-smtpd:7451] uid/euid:201/201
gid/egid:200/200, parent /var/qmail/bin/qmail-smtpd[qmail-smtpd:7438]
uid/euid:201/201 gid/egid:200/200
grsec: From ***.***.***.***: denied untrusted exec of
/var/qmail/plugins/validuser.pl by
/var/qmail/bin/qmail-smtpd[qmail-smtpd:7861] uid/euid:201/201
gid/egid:200/200, parent /var/qmail/bin/qmail-smtpd[qmail-smtpd:7860]
uid/euid:201/201 gid/egid:200/200
I tried a few different pax flag settings for
/var/qmail/bin/qmail-smtpd to no avail so for now this binary is set
to default, which seem too lax to me. What do you guys think?
hackdmz control # cd /var/qmail/bin/
hackdmz bin # paxctl -v qmail-smtpd
PaX control v0.4
Copyright 2004,2005,2006 PaX Team <pageexec@...>
- PaX flags: -------x---- [qmail-smtpd]
RANDEXEC is disabled
--
Matthew Poletiek
www.chill-fu.net
--
gentoo-hardened@g.o mailing list
|
|
