Great Circle Associates Majordomo-Users
(August 1995) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: wrapper and security
From: Victor Gadda <vgadda @ tron . fi . uba . ar>
Date: Tue, 15 Aug 95 11:39:53 ARGENTINA
To: majordomo-users @ GreatCircle . COM 
We have our Majordomo working at last, this mailing-list management 
software is given us a great solution, but we have some doubts about the
wrapper and security, the system and configuration is shown below:  

majordomo-1.93
perl5.001m
POSIX flags
-wrs--x--x root majordom wrapper
dwrxr-x--x majordom majordom majordomo (Majordomo directory)
majordom (UID=349, GID=52 (majordom group))
daemon (UID=1,GID=12)	


There are two major ways that sendmail can be run: as SUID root process;
or as an ordinary process. When the sender of the mail is local, and 
delivery is via the prog delivery agent (as in the case of wrapper 
when is invoked through the aliases line:
	 "|/my/path/majordomo/wrapper majordomo"),then sendmail changes 
its owner an group identity to that of the sender. If the sender is root,
sendmail changes its owner an group identity to that specify by the g and 
u options (my sendmail.cf is set to g=u=daemon). Otherwise, when the 
sender of the mail is not in the local machine, sendmail changes its owner
and group identity to that specify by the g and u options.

	Finally my question: is there any chance to change the wrapper
permissions to -wrs--x--- and have the sendmail delivering local mails? 
The problem is that if the wrapper is set to
			 -wrs--x--- root majordom wrapper 
and then sendmail changes its owner an group identity to that of the 
sender, it won't be able to execute the wrapper and the result will be
an unknown mailer error 1. 
I tried to follow David Wolfe suggestion of changing the settings to 
			 -wrs--x--- root daemon wrapper
but the result was that when the sender of the mail was not in the local
machine delivery worked fine, but when the sender of the mail was local, 
sendmail wasn't able to execute the wrapper and the result was an unknown 
mailer error 1.
	We are worried about security: is the bit x set to others a 
security hole?. We were able to copy a shell to the majordomo directory 
and to run it with /pron2/majordomo/wrapper sh and we succeded! 
			
Yours Sincerely,
Victor Daniel Gadda
Jose Ignacio Alvarez Hamelin
admin@delec.fi.uba.ar	
Facultad de Ingenieria de la Universidad de Buenos Aires. 
:-)  :-)  :-)  :-)  :)  :-)  :-)  :-)  :-)
Indexed By Date Previous: Re: your mail
From: dwolfe@risc.sps.mot.com (Dave Wolfe)
Next: Majordomo and virtual domains.
From: Thomas Leavitt <leavitt@webcom.com>
Indexed By Thread Previous: Re: Aliases on HP-UX
From: Rob Bartlett EDL/Z 4681 <etlrjb@etlxdmx.ericsson.se>
Next: Re: wrapper and security
From: dwolfe@risc.sps.mot.com (Dave Wolfe)
Google
 
Search Internet Search www.greatcircle.com