Bug 2242

Summary: Procmail security update ignores .procmail file
Product: [Retired] Red Hat Linux
Reporter: aseward
Component: procmail
Assignee: Trond Eivind Glomsrød <teg>
Status: CLOSED NEXTRELEASE
Severity: medium
Priority: medium
Version: 5.2
CC: djdave, era+redhat-bugs, fdragon, herrold, jamie, jmknoble, smooge
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 1999-08-19 20:19:20 UTC

Description aseward 1999-04-17 19:10:37 UTC
When I upgraded to procmail-3.13.1-1.i386.rpm to fix the
security hole, procmail no longer used my .procmailrc file
and I had to revert to the procmail from the 5.2 CD.

(I'm not sure if this really rates as `security' for severity
but, since this is a `normal' severity problem for a
security update I selected `security')

Comment 1 R P Herrold 1999-04-17 20:29:59 UTC
Apr 17 16:21:11 swampfox procmail[14056]: Suspicious rcfile "/home/herrold/.procmailrc"

.... the issue, as indicated in the procmail man page is that
the new build treats as 'Suspicious' a .procmailrc file which resides
in a world writable directory.

A better practice would have been to have tested and found this before
releasing the updated RPM, given the rather slight 'risk' of the
latest 'exploit.'

==========
autorpm]# grep procm install.log
Sat Nov  7 16:38:18 EST 1998 - procmail-3.10-12 -> procmail-3.10-13
Sat Apr 17 04:40:53 EDT 1999 - procmail-3.10-13 -> procmail-3.13.1-1


==========
This is new, from the man page:

  Suspicious rcfile "x"  The owner of the rcfile was not the
                              recipient or  root,  the  file  was
                              world  writable,  or  the directory
                              that   contained   it   was   world
                              writable,  or  this was the default
                              rcfile ($HOME/.procmailrc) and  ei-
                              ther  it  was group writable or the
                              directory  that  contained  it  was
                              group  writable (the rcfile was not
                              used).

Comment 2 aseward 1999-04-18 01:33:59 UTC
At least with my setup, the problem is not the writability of the
directory.  My home directory is only writable (or readable for that
matter) by me.

Since UMASK is set to 022 for the user private groups that RedHat
uses, the .procmailrc file was group writable.  There should have been
a note on the errata page mentioning this.  If a sysadmin has been
vigilant about following the user private group strategy, then a group
readable and writable .procmailrc file is not a security risk.

Comment 3 R P Herrold 1999-04-19 02:29:59 UTC
We have posted a shell script to run on a host, possibly
in a crontab entry, to highlight to the end user, and
optionally to root, if the ver. 3.13 changes are likely
to 'complain.'

see: http://swampfox.owlriver.com/files/ORCprocmailcheck

Comment 4 jamie 1999-04-19 14:55:59 UTC
The problem is a change introduced in procmail 3.12:

"- Don't use $HOME/.procmailrc if it's group-writable or in a
group-writable directory, unless if the user's default group and
GROUP_PER_USER is set in config.h"

The solution would seem to be: set GROUP_PER_USER in config.h.
Would some developer be so kind?

Comment 5 R P Herrold 1999-04-19 16:07:59 UTC
... from the maintainer of procmail, his suggestion for the PROPER
fix:

From: Philip Guenther <guenther>
To: herrold
Subject: Re: Response to procmail 3.13.1 changes

R P Herrold <herrold+res> writes:
>The changes in procmail ver 3.13.1 (actually present since 3.12,
>it seems) now 'complain' to the maillog if it deems file
>permissions, directory ownerships, or other factors "Suspicious"
>with the .procmailrc file ...
>
>The popular RedHat distribution update is 'broken' in such a
>fashion, with its approach to 'groups' management.

If RedHat distributions typically have a group per user, then the
procmail 3.13.1 binary RPM(s) should have been compiled with
GROUP_PER_USER defined.  If that is not true then it should be
reported to the person who generated that distribution so that they
can either correct it, or generate another set of RPMs that were
compiled with it defined.
-

------- Additional Comments From   05/09/99 15:36 -------
I've provided a patch for the RH 6.0 procmail-3.13.1-2 rpm, as well as
a .src.rpm and a .i386.rpm built with that added patch at
http://cs.wilpaterson.edu/~scottw/shebang/
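
The rules quoted from the man page in Comment 1, and the GROUP_PER_USER
distinction raised in Comments 4 and 5, can be checked on a host before
upgrading. The script below is an added example written for this page; it is
neither procmail's own code nor the ORCprocmailcheck script linked from
Comment 3. The function and option names (rcfile_check, stat_uid_mode, the
"gpu" and "nondefault" words) are my own, and it makes one simplifying
assumption: a build with GROUP_PER_USER is treated as skipping the
group-writable tests outright, whereas the actual rule is the HISTORY entry
quoted in Comment 4.

```shell
#!/bin/sh
# Emulation of the rcfile sanity checks that procmail 3.12 and later
# apply before reading an rcfile (the "Suspicious rcfile" rules quoted
# from the man page in Comment 1).  Added example: this is neither
# procmail's own code nor the ORCprocmailcheck script from Comment 3.
#
# usage: rcfile_check RCFILE RECIPIENT_UID [OPTIONS]
#   OPTIONS is one word that may contain:
#     gpu         emulate a binary built with GROUP_PER_USER defined.
#                 Assumption: this simply disables the group-writable
#                 tests; the exact rule is the HISTORY entry in Comment 4.
#     nondefault  RCFILE is not $HOME/.procmailrc, so the group-writable
#                 tests never apply to it.
# Exit status: 0 = procmail would use the file, 1 = it would log
# "Suspicious rcfile" and ignore it (reason printed), 2 = no such file.

stat_uid_mode() {
    # Print "uid octal-permission-bits" for $1 (GNU stat, else BSD stat).
    stat -c '%u %a' "$1" 2>/dev/null || stat -f '%u %OLp' "$1"
}

suspicious() {
    # Same wording procmail uses in the maillog, plus the reason.
    printf 'Suspicious rcfile "%s": %s\n' "$1" "$2"
}

rcfile_check() {
    rc=$1; uid=$2; opts=${3:-}
    if [ ! -f "$rc" ]; then printf 'no rcfile at %s\n' "$rc"; return 2; fi
    dir=$(dirname "$rc")

    set -- $(stat_uid_mode "$rc");  f_uid=$1; f_perm=$(( 0$2 ))
    set -- $(stat_uid_mode "$dir"); d_perm=$(( 0$2 ))

    # Tests 1-3 apply to every rcfile, whatever the build options.
    if [ "$f_uid" != "$uid" ] && [ "$f_uid" != 0 ]; then
        suspicious "$rc" "owned by uid $f_uid, neither recipient ($uid) nor root"
        return 1
    fi
    if [ $(( f_perm & 002 )) -ne 0 ]; then
        suspicious "$rc" "file is world writable"; return 1
    fi
    if [ $(( d_perm & 002 )) -ne 0 ]; then
        suspicious "$rc" "directory $dir is world writable"; return 1
    fi

    # Tests 4-5 (group writable) hit only the default rcfile of a build
    # without GROUP_PER_USER: exactly the Red Hat user-private-group case.
    case $opts in *gpu*|*nondefault*) return 0 ;; esac
    if [ $(( f_perm & 020 )) -ne 0 ]; then
        suspicious "$rc" "file is group writable (umask 002 under a user private group?)"
        return 1
    fi
    if [ $(( d_perm & 020 )) -ne 0 ]; then
        suspicious "$rc" "directory $dir is group writable"; return 1
    fi
    return 0
}

# Run directly to check one file, e.g.:  sh rcfile_check.sh ~/.procmailrc gpu
if [ $# -gt 0 ]; then
    rcfile_check "$1" "$(id -u)" "${2:-}"
fi
```

A non-zero exit with a "group writable" reason is the situation this bug
describes: the file is fine under the user-private-group layout, but the
stock 3.13.1 binary ignores it anyway. Either clear the warning locally with
chmod g-w on ~/.procmailrc (and on the home directory if that is the one
flagged), or keep the layout and rebuild the RPM with GROUP_PER_USER defined
in config.h, as the maintainer suggests above. The world-writable and
ownership tests are not relaxed by either option, and should not be.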

Comment 6 Jeff Johnson 1999-06-07 23:32:59 UTC
*** Bug 2290 has been marked as a duplicate of this bug. ***

According to procmail's HISTORY file, procmail-3.12
introduced a new behavior with respect to group-writable
.procmailrc files and .procmailrc files located in
group-writable directories.  Specifically, procmail ignores
such a .procmailrc unless GROUP_PER_USER has been defined in
config.h at compile-time.

The most recent procmail update packages (3.13.1) do not
have GROUP_PER_USER defined and fail to function properly on
Red Hat Linux systems.


------- Additional Comments From notting  04/21/99 11:34 -------


*** Bug 2291 has been marked as a duplicate of this bug. ***

According to procmail's HISTORY file, procmail-3.12
introduced a new behavior with respect to group-writable
.procmailrc files and .procmailrc files located in
group-writable directories.  Specifically, procmail ignores
such a .procmailrc unless GROUP_PER_USER has been defined in
config.h at compile-time.

The most recent procmail update packages (3.13.1) do not
have GROUP_PER_USER defined and fail to function properly on
Red Hat Linux systems.

*** Bug 3320 has been marked as a duplicate of this bug. ***

After upgrade from RedHat 5.2 to 6.0 procmail stopped working
and this appears in /var/log/messages for every inbound
message.

replace user with user's name

------- Additional Comments From   06/15/99 05:55 -------
Just for the record, I added a note about this to the Procmail FAQ I
maintain at
<http://www.iki.fi/era/procmail/mini-faq.html#group-writable>

Comment 7 Jay Turner 1999-06-23 14:57:59 UTC
Need to check out the patch at
http://cs.wilpaterson.edu/~scottw/shebang/
to see whether to include it in the package.

Comment 8 Bill Nottingham 1999-08-19 20:19:59 UTC
fixed in Raw Hide.