On Thu, Jul 21, 2005 at 12:28:31AM +0000, Casey Allen Shobe wrote:
> > chsh has also been vetted for security problems a LOT more
> > closely than vchkpw. I don't trust vchkpw with suid-root.
> Then use suidctl?
I do on my production machines.

> > The postfix maintainers were asked about it once before, and the
> > answer was that there wasn't enough demand for it. You're only
> > the second person that's asked (that I am aware of).
> ...and I'm not actually asking for it, though it would be nice to be
> in the ebuild just for the sake of completeness. I don't actually
> know anybody who uses postfix+vpopmail on the vpopmail list.
For the sake of completeness and as an academic exercise, I'll accept
tested patches for it ;-).

> > This is decidedly not a good idea, unless vchkpw gets locked up
> > more so that only specific things can run it (otherwise it can
> > easily be used to brute-force passwords).
> True. Would the best way to do that be to only give the vpopmail
> group execute access to vchkpw, and then add qmail-smtpd to that
> group, but still have vchkpw suid?
On the vpopmail list in the distant past, I recall mention of the
concept of an authentication server, so you could have vchkpw without
any additional permissions. Nobody took it up at the time, and I never
heard of it again. However it would be one of the best routes to solve
this. Just implement the checkpassword interface on a socket, and be
done with it.

> It seems that su could be easily used to brute-force passwords, too,
> but it's suid by default.
Yes, but su does more logging than vchkpw ;-).

> Maybe what is needed is an extension to suidctl where emerge checks
> any installed binaries against things present in suidctl.conf that
> *should* be made suid if they're listed in there even if they're
> not suid by default?
This is getting into cfengine territory (which can do exactly what
you're asking for here).

--
Robin Hugh Johnson
E-Mail : robbat2@××××××××××××××.net
Home Page : http://www.orbis-terrarum.net/?l=people.robbat2
ICQ# : 30269588 or 41961639
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
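
The authentication-server idea mentioned in the message above, as an added sketch that is not part of the original e-mail and not vpopmail code: a daemon accepts a checkpassword-format request (login NUL password NUL timestamp NUL, at most 512 bytes) on a socket, logs every failure and throttles repeated guesses per login, so no suid binary is needed. The names `AuthServer` and `sample_verify`, the one-byte reply, the failure policy and the sample account are assumptions made for illustration.

```python
import hmac, logging, socket, time

log = logging.getLogger("authd")
MAX_REQ = 512               # checkpassword allows at most 512 bytes per request
MAX_FAILS, WINDOW = 5, 300  # assumed policy: 5 failures per login per 300 s
SAMPLE = {"alice@example.org": b"correct horse"}  # constructed account

def sample_verify(login, password):
    """Stand-in for the real vpopmail lookup (hypothetical)."""
    return login in SAMPLE and hmac.compare_digest(SAMPLE[login], password)

def parse_request(buf):
    """checkpassword request: login NUL password NUL timestamp NUL."""
    if len(buf) > MAX_REQ or buf.count(b"\0") < 3:
        raise ValueError("malformed checkpassword request")
    login, password = buf.split(b"\0")[:2]
    if not login:
        raise ValueError("empty login")
    return login.decode("utf-8", "replace"), password

class AuthServer:
    def __init__(self, verify, clock=time.monotonic):
        self.verify, self.clock, self.fails = verify, clock, {}

    def check(self, buf):
        try:
            login, password = parse_request(buf)
        except ValueError as exc:
            log.warning("rejected request: %s", exc)
            return False
        now = self.clock()
        recent = [t for t in self.fails.get(login, []) if now - t < WINDOW]
        if len(recent) >= MAX_FAILS:        # stop guessing against this login
            log.warning("throttled login=%r", login)
            return False
        if self.verify(login, password):
            self.fails.pop(login, None)
            return True
        self.fails[login] = recent + [now]  # record the failure time
        log.warning("auth failure login=%r count=%d", login, len(recent) + 1)
        return False

    def serve_one(self, conn):
        """Read one request from a connected socket, reply with one status byte."""
        buf = b""
        with conn:
            while buf.count(b"\0") < 3 and len(buf) <= MAX_REQ:
                chunk = conn.recv(MAX_REQ + 1 - len(buf))
                if not chunk:
                    break
                buf += chunk
            conn.sendall(b"\x00" if self.check(buf) else b"\x01")
```

A deployed daemon would also bound the size of the failure table and restrict who may connect, for example through the permissions on the socket file.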