| 1 |
On Wed, Jul 20, 2005 at 05:37:19AM +0000, Casey Allen Shobe wrote: |
| 2 |
> > So if this is still a problem in arch, but works in ~arch, you |
| 3 |
> > SHOULD file a bug report. |
| 4 |
> Why not just wait for the newer releases to make it to arch? |
| 5 |
See my note as to why they haven't moved yet, and consider testing them |
| 6 |
yourself, and reporting back (via bugzilla!). |
| 7 |
|
| 8 |
> > However the original reasoning for vchkpw NOT being setuid was |
| 9 |
> > that setuid is NOT always needed depending on which backend you |
| 10 |
> > are using. |
| 11 |
> I can confirm that - bincimap and qmail-pop3d run as root, so the |
| 12 |
> setuid bit is not necessary. I believe this is also the case for |
| 13 |
> dovecot 1.0 beta releases, though there are no ebuilds for them so |
| 14 |
> I haven't yet tested (<1.0 releases use libvpopmail directly |
| 15 |
> instead of the checkpassword interface). However it is necessary |
| 16 |
> for any server running as a non-root user, i.e. qmail-smtpd. |
| 17 |
For common operation of qmail-smtpd, vchkpw is NOT required. SMTP AUTH |
| 18 |
is the only reason qmail-smtpd would call vchkpw. |
| 19 |
|
| 20 |
> Thus I believe this should have the same treatment as binaries like |
| 21 |
> chsh - they won't work for non-root users without the setuid bit, |
| 22 |
> but running as a non-root user is generally accepted. If I want to |
| 23 |
> be paranoid (which I am), I can use suidctl (which I do), and only |
| 24 |
> uncomment the binary when I discover the need to. There's not |
| 25 |
> really any reverse of suidctl to my awareness. |
| 26 |
chsh has also been vetted for security problems a LOT more closely than |
| 27 |
vchkpw. I don't trust vchkpw with suid-root. |
| 28 |
|
| 29 |
> Nor is there a use flag for qmail or similar on vpopmail, but the |
| 30 |
> vpopmail ebuild requires qmail regardless of USE settings (postfix |
| 31 |
> support is not present), so at least in the current state, since |
| 32 |
> the package is built for qmail, it should assume qmail's non-root |
| 33 |
> qmail-smtpd will need to access vchkpw. |
| 34 |
The postfix maintainers were asked about it once before, and the answer |
| 35 |
was that there wasn't enough demand for it. You're only the second |
| 36 |
person that's asked (that I am aware of). |
| 37 |
|
| 38 |
> I would encourage making vchkpw suid even if postfix is supported |
| 39 |
> and used instead of qmail, because there are other softwares (i.e. |
| 40 |
> IMAP & POP servers) which have a checkpassword interface which do |
| 41 |
> may not run as the root user. |
| 42 |
This is decidedly not a good idea, unless vchkpw gets locked up more so |
| 43 |
that only specific things can run it (otherwise it can easily be used |
| 44 |
to brute-force passwords). |
| 45 |
|
| 46 |
> > And as I've mentioned before I'd like MORE reports of packages |
| 47 |
> > working well before they are moved to stable arch. Without those |
| 48 |
> > stable working reports I don't have any means to judge just how |
| 49 |
> > much testing has been done on a package, other than my own use of |
| 50 |
> > a package (and as such I do leave things longer than the 30 days, |
| 51 |
> > because I don't entirely trust them). |
| 52 |
> This sounds like a request for the QA team. I tend to stay away |
| 53 |
> from most ~arch packages simply because most of our systems are |
| 54 |
> live production servers, but I'd be happy to test-drive new ebuilds |
| 55 |
> of vpopmail if it would help get new versions into the stable tree |
| 56 |
> faster. |
| 57 |
In the absence of a proper QA team, users are some of the best |
| 58 |
large-scale QA available. All I'm asking for are reports that a package |
| 59 |
"Works for me". Try the ebuilds out, and send some feedback in. |
| 60 |
|
| 61 |
-- |
| 62 |
Robin Hugh Johnson |
| 63 |
E-Mail : robbat2@××××××××××××××.net |
| 64 |
Home Page : http://www.orbis-terrarum.net/?l=people.robbat2 |
| 65 |
ICQ# : 30269588 or 41961639 |
| 66 |
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 |
Archives