Majordomo-Users: Security problem with wrapper?

Majordomo-Users
(July 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Security problem with wrapper?
From:	Steve MacLeod <smacleod @ sparc . uccb . ns . ca>
Date:	Sun, 24 Jul 1994 18:27:41 -0300 (ADT)
To:	majordomo-users @ greatcircle . com


I am trying to get majordomo 1.92 running on my SUN Sparc machine running 
Solaris 2.3 ... I compiled using the posix options ... ... no matter what I 
do I must leave the wrapper program set as 4755 and owned by root ... 
this is very unsettling to me, When I set the wrapper to ... 4750 I get 
errors complaining about ... wrapper - cannot execute ..

# echo testing|/usr/lib/sendmail -v sample
sample... aliased to  "|/usr/local/majordomo/wrapper resend -p bulk -M 
10000 -l
sample -f Sample-Owner -h sparc.uccb.ns.ca -s sample-outgoing"
"|/usr/local/majordomo/wrapper resend -p bulk -M 10000 -l sample -f 
Sample-Owner
 -h sparc.uccb.ns.ca -s sample-outgoing"... Connecting to  via prog...
sh: /usr/local/majordomo/wrapper: cannot execute
"|/usr/local/majordomo/wrapper resend -p bulk -M 10000 -l sample -f 
Sample-Owner
 -h sparc.uccb.ns.ca -s sample-outgoing"... unknown mailer error 1
owner-sample... aliased to  sample-owner
sample-owner... aliased to  smacleod
Postmaster... aliased to  smacleod
smacleod... Connecting to  via local...
smacleod... Sent
smacleod... Connecting to  via local...
smacleod... Sent

# ls -l wrapper
-rwsr-x---   1 root     majordom    7936 Jul 24 17:15 wrapper


the error message that gets generated to postmaster is ...

   ----- Transcript of session follows -----
554 "|/usr/local/majordomo/wrapper resend -p bulk -M 10000 -l sample -f 
Sample-Owner -h sparc.uccb.ns.ca -s sample-outgoing"... unknown mailer error 1


as well I must leave the /usr/local/majordomo directory set to 755 



# cd /usr/local
# ls -l
total 22
drwxr-xr-x   5 majordom majordom    1024 Jul 24 17:15 majordomo
drw-rw----   4 majordom majordom     512 Jul  7 10:28 mail

The only piece of security I can see here is that the users on my system 
can not write into the majordomo program directory ... if they did they 
could cause any process to be executed as root ... do I have a problem 
with this setup? I tied in the posix section changing the uid to 0 (root) 
... still no difference ... can the setup be any more secure?

Thanks

--------------------------------------------------------------------
Steve MacLeod    Microcomputer Specialist          (902)539-5300x625
Computer Centre  University College of Cape Breton
Sydney, N.S.     Fax (902)562-0119                 Canada  B1P 5S2

Follow-Ups:

Re: Security problem with wrapper?
From: "John P. Rouillard" <rouilj@cs.umb.edu>

Indexed By Date	Previous:	Re: majordomo v listserv as address From: "Robert A. Hayden" <hayden@vorlon.mankato.msus.edu>
Indexed By Date	Next:	Security problem with wrapper? From: koos@pizza.hut.nl (Koos van den Hout _U nix and we all_)
Indexed By Thread	Previous:	Re: majordomo v listserv as address From: Brent Chapman <brent@mycroft.GreatCircle.COM>
Indexed By Thread	Next:	Re: Security problem with wrapper? From: "John P. Rouillard" <rouilj@cs.umb.edu>