Bug 3936

Summary: User Private Groups conflict with sendmail/procmail security
Product: [Retired] Red Hat Linux
Reporter: peterd
Component: sendmail
Assignee: Cristian Gafton <gafton>
Status: CLOSED WONTFIX
Severity: medium
Priority: medium    
Version: 6.0   
Hardware: i386   
OS: Linux   
Last Closed: 1999-08-27 22:48:16 UTC

Description peterd 1999-07-07 19:00:07 UTC
Have just upgraded to RedHat 6.0 (i.e. sendmail 8.9.3) from
RedHat 5.2 with sendmail 8.8.7 - forwarding has stopped
working.

The security improvements in sendmail stop .forward files
being read from group writable directories.

However, out of the box, RedHat has User Private Groups and
a umask of 002. Sendmail complains, and won't read the
.forward file. This could be fixed with ODontBlameSendmail,
but I feel it's a more fundamental problem. UPG is secure
(ish), but sendmail can't distinguish between a secure setup
with group writable dirs and an insecure one.

See related problem with procmail.

Comment 1 Cristian Gafton 1999-08-27 22:48:59 UTC
If we change these security checks for sendmail to be more relaxed
then we face the problem of the NFS mounted directories, other setups,
etc.

No matter how we go about it somebody will get upset either that we
left the default in place or that we did not. Requiring .forward files
to have 600 permission is a sensible thing to do anyway when it comes
to security, regardless of the UPG being used.
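
An audit for the two conditions discussed in this report (a group-writable home directory and a .forward file that is not mode 600), added here as an example; it is not code from the bug report or from sendmail, and it only approximates the conditions named above rather than reproducing sendmail's own file checks. The names `group_users`, `audit_home` and `demo`, and the account `alice`, are constructed for illustration.

```python
import grp
import os
import pwd
import stat
import tempfile

def group_users(gid):
    """Account names that have gid as primary or supplementary group."""
    users = {p.pw_name for p in pwd.getpwall() if p.pw_gid == gid}
    try:
        users.update(grp.getgrgid(gid).gr_mem)
    except KeyError:
        pass  # gid has no entry in the group database
    return users

def audit_home(home, owner, members=group_users):
    """Return a list of findings for a home directory and its .forward file."""
    findings = []
    st = os.stat(home)
    if st.st_mode & stat.S_IWOTH:
        findings.append("home is world-writable")
    if st.st_mode & stat.S_IWGRP:
        # With User Private Groups the owner is the group's only member,
        # but the mode bits alone look the same as a shared group.
        others = sorted(set(members(st.st_gid)) - {owner})
        if others:
            findings.append("home is group-writable and shared with: " + ", ".join(others))
        else:
            findings.append("home is group-writable (private group, still flagged)")
    fwd = os.path.join(home, ".forward")
    if os.path.isfile(fwd):
        mode = stat.S_IMODE(os.stat(fwd).st_mode)
        if mode & 0o077:
            findings.append(".forward is mode %03o, expected 600" % mode)
    return findings

def demo(group=frozenset({"alice"})):
    """Constructed sample: a umask-002 style home (775) with a 664 .forward."""
    with tempfile.TemporaryDirectory() as home:
        fwd = os.path.join(home, ".forward")
        with open(fwd, "w") as f:
            f.write("alice@example.com\n")
        os.chmod(home, 0o775)
        os.chmod(fwd, 0o664)
        before = audit_home(home, "alice", members=lambda gid: group)
        os.chmod(home, 0o755)   # tightened directory
        os.chmod(fwd, 0o600)    # the mode recommended in Comment 1
        after = audit_home(home, "alice", members=lambda gid: group)
    return before, after
```

Calling `audit_home(path, user)` without `members` looks group membership up in the local passwd and group databases.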