Bug 11751

Summary: imapd files installed suid root
Product: [Retired] Red Hat Powertools Reporter: Michael Tokarev <mjt>
Component: cyrus-imapdAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: high    
Version: 6.2Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-06-10 21:02:18 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michael Tokarev 2000-05-30 13:36:47 UTC 
All imapd files that should be suid/sgid installed
as uid/gid = root, so they are suid/sgid root.
This is a %defattr(-,root,root) in .spec,
need explicit entry for each suid/sgid file.
Comment 1 Michael Tokarev 2000-05-30 13:39:59 UTC 
Ops, forget to mention --
the same is in all versions of it, not only 6.2.
It is also at current (30-may-2000) rawhide.
And there is also 1.6.24 version already (and sasl-1.5.21).
Comment 2 Nalin Dahyabhai 2000-05-30 18:55:59 UTC 
Cyrus should not be setuid-root.  Cyrus imapd runs as a dedicated user, and
cannot be run setuid-root (it returns an error if it's started as any other
user, including root).
Comment 3 Michael Tokarev 2000-05-30 19:00:59 UTC 
Yes, you are right, but this what I tell about.
After installing cyrus-imapd-1.6.19-2:

$ ls -l /usr/cyrus/bin/
total 2988
-rwxr-xr-x   1 root     root        63696 Feb 11 19:21 arbitron*
-rwxr-xr-x   1 root     root       582416 Feb 11 19:21 collectnews*
-rwsr-x---   1 root     root       638888 Feb 11 19:21 deliver*
  ^^          ^^^^^^   ^^^^^^
-rwxr-sr-x   1 root     root         3608 Feb 11 19:21 deliver-wrapper*
     ^^       ^^^^^^   ^^^^^^
-rwxr-xr-x   1 root     root        63440 Feb 11 19:21 dump_deliverdb*
-rwxr-xr-x   1 root     root         1778 Feb 11 19:21 feedcyrus*
-rwxr-xr-x   1 root     root        64144 Feb 11 19:21 fud*
-rwxr-xr-x   1 root     root       650384 Feb 11 19:21 imapd*
-rwxr-xr-x   1 root     root        63248 Feb 11 19:21 mbpath*
-rwxr-xr-x   1 root     root        79216 Feb 11 19:21 pop3d*
-rwxr-xr-x   1 root     root        65648 Feb 11 19:21 quota*
-rwxr-xr-x   1 root     root       582352 Feb 11 19:21 reconstruct*
-rwxr-xr-x   1 root     root        64560 Feb 11 19:21 syncnews*
-rwxr-xr-x   1 root     root        58928 Feb 11 19:21 timsieved*

$ _
Comment 4 Nalin Dahyabhai 2000-08-04 06:19:07 UTC 
This will be fixed in Raw Hide.