Bug 3936 - User Private Groups conflict with sendmail/procmail security
Summary: User Private Groups conflict with sendmail/procmail security
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: sendmail
Version: 6.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Cristian Gafton
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-07-07 19:00 UTC by peterd
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 1999-08-27 22:48:16 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description peterd 1999-07-07 19:00:07 UTC 
Have just upgraded to RedHat 6.0 (i.e. sendmail 8.9.3) from
RedHat 5.2 with sendmail 8.8.7 - forwarding has stopped
working.

The security improvements in sendmail stop .forward files
being read from group writable directories

However, out-of-the box, RedHat has User Private Groups and
a umask of 002. Sendmail complains, and won't read the
.forward file. This could be fixed with ODontBlameSendmail,
but I feel it's a more fundamental problem. UPG is secure
(ish), but sendmail can't distinguish between a secure setup
with group writable dirs and an insecure one.

See related problem with procmail.
Comment 1 Cristian Gafton 1999-08-27 22:48:59 UTC 
If we change these security checks for sendmail to be more relaxed
thenwe face the problem of the NFS mounted directories, other setups,
etc.

No matter how we go about it somebody will get upset either that we
left the default in place or that we did not. Requiring .forward files
to have 600 permission is a sensible thing to do anyway when it comes
to security, regardless of the UPG being used.
Note You need to log in before you can comment on or make changes to this bug.