In message <Pine.3.89.9407241732.A22141-0100000@sparc>, Steve MacLeod
writes:
>I am trying to get majordomo 1.92 running on my SUN Sparc machine running
>Solaris 2.3 ... I compiled using the posix options ... ... no matter what I
>do I must leave the wrapper program set as 4755 and owned by root ...
Yup. That's posix for you. It has to be owned by root.
>this is very unsettling to me, When I set the wrapper to ... 4750 I get
>errors complaining about ... wrapper - cannot execute ..
Your sendmail runs as daemon, so without world execute permission it
can't run it.
>[error run deleted]
>as well I must leave the /usr/local/majordomo directory set to 755
I think you mean 777 8-), but its not that bad since all they can do
is run the majordomo programs at the top of the majordomo tree, and
that doesn't get them much more access than faking mail to majordomo
would.
># cd /usr/local
># ls -l
>total 22
>drwxr-xr-x 5 majordom majordom 1024 Jul 24 17:15 majordomo
>drw-rw---- 4 majordom majordom 512 Jul 7 10:28 mail
>
>The only piece of security I can see here is that the users on my system
>can not write into the majordomo program directory ... if they did they
>could cause any process to be executed as root ... do I have a problem
>with this setup? I tied in the posix section changing the uid to 0 (root)
>... still no difference ... can the setup be any more secure?
Well if your mail host never has mail sent on it (i.e. all mail comes
in via smtp) create a bastion directory. Put the wrapper in
/usr/local/majordomo/wrappers/wrapper
and chown the wrappers directory to user daemon, mode 700. This way
sendmail can execute the program since it can access it, but nobody
not running as daemon can access the wrapper. Note that people on the
mail host who attempt to send mail to majordomo will have it fail
since the sendmail they invoke won't be able to access the majordomo
directory. That's why we don't suggest a bastion directory approach.
BTW if you move sendmail to the side and replace /usr/lib/sendmail
with a program that accepts the message and then connects to the smtp
port on the current host, the bastion directory method works
fine. ssmtp works for this purpose. The only problem is that it
doesn't accept the -t flag, but that's not a major problem except for
majordomo 8-).
No don't ask how I know the above mechanism works 8-(.
-- John
John Rouillard
Senior Systems Consultant (SERL Project) University of Massachusetts at Boston
rouilj@cs.umb.edu (preferred) Boston, MA, (617) 287-6480
==============================================================================
My employers don't acknowledge my existence much less my opinions.
Follow-Ups:
References:
|
|
