On Wed, Jul 20, 2005 at 05:37:19AM +0000, Casey Allen Shobe wrote:
> > So if this is still a problem in arch, but works in ~arch, you
> > SHOULD file a bug report.
> Why not just wait for the newer releases to make it to arch?
See my note as to why they haven't moved yet, and consider testing them
yourself, and reporting back (via bugzilla!).

> > However the original reasoning for vchkpw NOT being setuid was
> > that setuid is NOT always needed depending on which backend you
> > are using.
> I can confirm that - bincimap and qmail-pop3d run as root, so the
> setuid bit is not necessary. I believe this is also the case for
> dovecot 1.0 beta releases, though there are no ebuilds for them so
> I haven't yet tested (<1.0 releases use libvpopmail directly
> instead of the checkpassword interface). However it is necessary
> for any server running as a non-root user, i.e. qmail-smtpd.
For common operation of qmail-smtpd, vchkpw is NOT required. SMTP AUTH
is the only reason qmail-smtpd would call vchkpw.

> Thus I believe this should have the same treatment as binaries like
> chsh - they won't work for non-root users without the setuid bit,
> but running as a non-root user is generally accepted. If I want to
> be paranoid (which I am), I can use suidctl (which I do), and only
> uncomment the binary when I discover the need to. There's not
> really any reverse of suidctl to my awareness.
chsh has also been vetted for security problems a LOT more closely than
vchkpw. I don't trust vchkpw with suid-root.

> Nor is there a use flag for qmail or similar on vpopmail, but the
> vpopmail ebuild requires qmail regardless of USE settings (postfix
> support is not present), so at least in the current state, since
> the package is built for qmail, it should assume qmail's non-root
> qmail-smtpd will need to access vchkpw.
The postfix maintainers were asked about it once before, and the answer
was that there wasn't enough demand for it. You're only the second
person that's asked (that I am aware of).

> I would encourage making vchkpw suid even if postfix is supported
> and used instead of qmail, because there are other softwares (i.e.
> IMAP & POP servers) which have a checkpassword interface which do
> may not run as the root user.
This is decidedly not a good idea, unless vchkpw gets locked up more so
that only specific things can run it (otherwise it can easily be used
to brute-force passwords).

> > And as I've mentioned before I'd like MORE reports of packages
> > working well before they are moved to stable arch. Without those
> > stable working reports I don't have any means to judge just how
> > much testing has been done on a package, other than my own use of
> > a package (and as such I do leave things longer than the 30 days,
> > because I don't entirely trust them).
> This sounds like a request for the QA team. I tend to stay away
> from most ~arch packages simply because most of our systems are
> live production servers, but I'd be happy to test-drive new ebuilds
> of vpopmail if it would help get new versions into the stable tree
> faster.
In the absence of a proper QA team, users are some of the best
large-scale QA available. All I'm asking for are reports that a package
"Works for me". Try the ebuilds out, and send some feedback in.

--
Robin Hugh Johnson
E-Mail : robbat2@××××××××××××××.net
Home Page : http://www.orbis-terrarum.net/?l=people.robbat2
ICQ# : 30269588 or 41961639
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
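
Added example, not part of the original message and not vpopmail or Gentoo code: a shell check for the exposure raised above, where a setuid password-checking helper that any local account may execute can be fed guesses. It assumes "locked up" means limiting execute permission to a dedicated group (a 4750-style mode); the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample files are constructed.
# Only mode bits are inspected. A real audit would also confirm the owner is root.

# Classify a file by who may execute it with its setuid bit set.
# Prints: missing | not-setuid | world-exec | group-only | owner-only
suid_exposure() {
    f=$1
    [ -f "$f" ] || { echo missing; return 0; }
    # -prune: test only the named path; "-perm -NNNN": all of these bits are set
    if [ -z "$(find "$f" -prune -perm -4000)" ]; then
        echo not-setuid
    elif [ -n "$(find "$f" -prune -perm -0001)" ]; then
        echo world-exec   # any local account can run it and submit guesses
    elif [ -n "$(find "$f" -prune -perm -0010)" ]; then
        echo group-only   # callers limited to members of the file's group
    else
        echo owner-only
    fi
}

# List setuid regular files directly inside a directory that anyone may execute.
world_exec_suid() {
    find "$1" -maxdepth 1 -type f -perm -4000 -perm -0001 | sort
}

# Constructed demo: empty files standing in for a checkpassword helper.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/helper-open";  chmod 4755 "$d/helper-open"
    : > "$d/helper-group"; chmod 4750 "$d/helper-group"
    : > "$d/helper-plain"; chmod 0755 "$d/helper-plain"
    for f in "$d"/helper-*; do
        printf '%s\t%s\n' "$(suid_exposure "$f")" "${f##*/}"
    done
    rm -rf "$d"
}

demo
```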