Bug 3936 - User Private Groups conflict with sendmail/procmail security
Status: CLOSED WONTFIX
Product: Red Hat Linux
Classification: Retired
Component: sendmail
Version: 6.0
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Cristian Gafton
Reported: 1999-07-07 15:00 EDT by peterd
Modified: 2008-05-01 11:37 EDT (History)
Last Closed: 1999-08-27 18:48:16 EDT

Description peterd 1999-07-07 15:00:07 EDT
Have just upgraded to RedHat 6.0 (i.e. sendmail 8.9.3) from
RedHat 5.2 with sendmail 8.8.7 - forwarding has stopped
working.

The security improvements in sendmail stop .forward files
being read from group writable directories.

However, out-of-the box, RedHat has User Private Groups and
a umask of 002. Sendmail complains, and won't read the
.forward file. This could be fixed with ODontBlameSendmail,
but I feel it's a more fundamental problem. UPG is secure
(ish), but sendmail can't distinguish between a secure setup
with group writable dirs and an insecure one.

See related problem with procmail.
Comment 1 Cristian Gafton 1999-08-27 18:48:59 EDT
If we change these security checks for sendmail to be more relaxed
then we face the problem of the NFS mounted directories, other setups,
etc.

No matter how we go about it somebody will get upset either that we
left the default in place or that we did not. Requiring .forward files
to have 600 permission is a sensible thing to do anyway when it comes
to security, regardless of the UPG being used.
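
The following is an added example, not part of the original bug thread and not sendmail's own check: an audit that walks from a `.forward` file up through its parent directories and reports the permission bits discussed above. The `private_gids` parameter, the finding labels and the sample tree under a temporary directory are assumptions constructed for this example.

```python
import os
import stat
import tempfile

def audit_forward(forward_path, stop_at, private_gids=frozenset()):
    """Check a .forward file and each directory from it up to stop_at.

    Returns (path, problem) tuples. private_gids is an assumption of this
    example: gids the admin asserts are User Private Groups, so group-write
    through them is labelled separately from group-write by a shared group.
    """
    findings = []
    path = os.path.abspath(forward_path)
    stop_at = os.path.abspath(stop_at)
    st = os.lstat(path)  # lstat: a symlinked .forward is reported, not followed
    if not stat.S_ISREG(st.st_mode):
        findings.append((path, "not-a-regular-file"))
    elif stat.S_IMODE(st.st_mode) & 0o077:
        findings.append((path, "file-group-or-other-access"))
    while path != stop_at and path != os.path.dirname(path):
        path = os.path.dirname(path)
        st = os.stat(path)
        mode = stat.S_IMODE(st.st_mode)
        if mode & stat.S_IWOTH:
            findings.append((path, "dir-world-writable"))
        if mode & stat.S_IWGRP:
            upg = st.st_gid in private_gids
            label = "dir-group-writable-upg" if upg else "dir-group-writable"
            findings.append((path, label))
    return findings

def build_sample_tree():
    """Constructed sample: a home directory as created under umask 002."""
    base = os.path.abspath(tempfile.mkdtemp())
    home = os.path.join(base, "home", "alice")
    os.makedirs(home)
    forward = os.path.join(home, ".forward")
    with open(forward, "w") as fh:
        fh.write("alice@example.org\n")
    os.chmod(os.path.join(base, "home"), 0o755)
    os.chmod(home, 0o775)     # group-writable home, as with UPG + umask 002
    os.chmod(forward, 0o664)  # file created under umask 002
    return base, home, forward

if __name__ == "__main__":
    base, home, forward = build_sample_tree()
    for path, problem in audit_forward(forward, base):
        print(problem, path)
```

Passing the owner's private gid in `private_gids` only changes the label on the finding; whether the mail software accepts such a directory is still decided by its own configuration.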
