Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-hardened

From: Matt Poletiek <chill550@×××××.com>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] Recomended paxctl flags for /var/qmail/bin/qmail-smtpd
Date: Tue, 23 Oct 2007 10:05:33
Message-Id: 1d624cdd0710230303l7b2276dt4a9b8ed53a2a2e84@mail.gmail.com
In Reply to: Re: [gentoo-hardened] Recomended paxctl flags for /var/qmail/bin/qmail-smtpd by Adam James
1 Ok, that clears up some confusing.
2
3 So changing the perms of /var/qmail/plugins worked
4
5 Now I need to debug my plugin :/
6
7 Thanks for the help
8
9 On 10/23/07, Adam James <atj@××××××××××××××.uk> wrote:
10 > On Tue, 23 Oct 2007 01:15:05 -0600
11 > "Matt Poletiek" <chill550@×××××.com> wrote:
12 >
13 > > Hey guys, I was attempting to write a plugin for my qmail-spp enabled
14 > > netqmail package when I ran into the following issue...
15 > >
16 > > hackdmz control # nc localhost 25
17 > > 220 hackdmz.net ESMTP
18 > > ehlo test
19 > > 250-hackdmz.net
20 > > 250-STARTTLS
21 > > 250-PIPELINING
22 > > 250-8BITMIME
23 > > 250-SIZE 0
24 > > 250 AUTH LOGIN PLAIN
25 > > mail from test@×××××××.net
26 > > 250 ok
27 > > rcpt to test@×××××××.net
28 > > 451 qmail-spp failure: plugins/validuser.pl: can't execute (#4.3.0)
29 > >
30 > > This shows up in dmesg
31 > >
32 > > grsec: From ***.***.***.***: denied untrusted exec of
33 > > /var/qmail/plugins/validuser.pl by
34 > > /var/qmail/bin/qmail-smtpd[qmail-smtpd:7451] uid/euid:201/201
35 > > gid/egid:200/200, parent /var/qmail/bin/qmail-smtpd[qmail-smtpd:7438]
36 > > uid/euid:201/201 gid/egid:200/200
37 > > grsec: From ***.***.***.***: denied untrusted exec of
38 > > /var/qmail/plugins/validuser.pl by
39 > > /var/qmail/bin/qmail-smtpd[qmail-smtpd:7861] uid/euid:201/201
40 > > gid/egid:200/200, parent /var/qmail/bin/qmail-smtpd[qmail-smtpd:7860]
41 > > uid/euid:201/201 gid/egid:200/200
42 >
43 > This is nothing to do with PaX, as you can see from the log messages.
44 > Grsecurity is denying the execution attempt because you have
45 > TPE enabled and the qmail user is not trusted.
46 >
47 > See `Executable Protections' under Grsecurity in your kernel
48 > configuration, or `sysctl -a |grep tpe` if you have Grsec sysctl
49 > functionality enabled and unlocked.
50 >
51 > --atj
52 >
53 > --
54 > gentoo-hardened@g.o mailing list
55 >
56 >
57
58
59 --
60 Matthew Poletiek
61 www.chill-fu.net
62 --
63 gentoo-hardened@g.o mailing list
Report Message
Find on MARC Find on Google Groups