1 |
Ok, that clears up some confusing. |
2 |
|
3 |
So changing the perms of /var/qmail/plugins worked |
4 |
|
5 |
Now I need to debug my plugin :/ |
6 |
|
7 |
Thanks for the help |
8 |
|
9 |
On 10/23/07, Adam James <atj@××××××××××××××.uk> wrote: |
10 |
> On Tue, 23 Oct 2007 01:15:05 -0600 |
11 |
> "Matt Poletiek" <chill550@×××××.com> wrote: |
12 |
> |
13 |
> > Hey guys, I was attempting to write a plugin for my qmail-spp enabled |
14 |
> > netqmail package when I ran into the following issue... |
15 |
> > |
16 |
> > hackdmz control # nc localhost 25 |
17 |
> > 220 hackdmz.net ESMTP |
18 |
> > ehlo test |
19 |
> > 250-hackdmz.net |
20 |
> > 250-STARTTLS |
21 |
> > 250-PIPELINING |
22 |
> > 250-8BITMIME |
23 |
> > 250-SIZE 0 |
24 |
> > 250 AUTH LOGIN PLAIN |
25 |
> > mail from test@×××××××.net |
26 |
> > 250 ok |
27 |
> > rcpt to test@×××××××.net |
28 |
> > 451 qmail-spp failure: plugins/validuser.pl: can't execute (#4.3.0) |
29 |
> > |
30 |
> > This shows up in dmesg |
31 |
> > |
32 |
> > grsec: From ***.***.***.***: denied untrusted exec of |
33 |
> > /var/qmail/plugins/validuser.pl by |
34 |
> > /var/qmail/bin/qmail-smtpd[qmail-smtpd:7451] uid/euid:201/201 |
35 |
> > gid/egid:200/200, parent /var/qmail/bin/qmail-smtpd[qmail-smtpd:7438] |
36 |
> > uid/euid:201/201 gid/egid:200/200 |
37 |
> > grsec: From ***.***.***.***: denied untrusted exec of |
38 |
> > /var/qmail/plugins/validuser.pl by |
39 |
> > /var/qmail/bin/qmail-smtpd[qmail-smtpd:7861] uid/euid:201/201 |
40 |
> > gid/egid:200/200, parent /var/qmail/bin/qmail-smtpd[qmail-smtpd:7860] |
41 |
> > uid/euid:201/201 gid/egid:200/200 |
42 |
> |
43 |
> This is nothing to do with PaX, as you can see from the log messages. |
44 |
> Grsecurity is denying the execution attempt because you have |
45 |
> TPE enabled and the qmail user is not trusted. |
46 |
> |
47 |
> See `Executable Protections' under Grsecurity in your kernel |
48 |
> configuration, or `sysctl -a |grep tpe` if you have Grsec sysctl |
49 |
> functionality enabled and unlocked. |
50 |
> |
51 |
> --atj |
52 |
> |
53 |
> -- |
54 |
> gentoo-hardened@g.o mailing list |
55 |
> |
56 |
> |
57 |
|
58 |
|
59 |
-- |
60 |
Matthew Poletiek |
61 |
www.chill-fu.net |
62 |
-- |
63 |
gentoo-hardened@g.o mailing list |