Bug 3937 - User Private Groups and procmail security conflict.
Summary: User Private Groups and procmail security conflict.
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: procmail
Version: 6.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: David Lawrence
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-07-07 19:03 UTC by peterd
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 1999-08-30 02:50:45 UTC
Embargoed:

Attachments (Terms of Use)

Description peterd 1999-07-07 19:03:26 UTC 
Have just upgraded to RedHat 6.0 from RedHat 5.2 and
procmail processing has stopped working.

The security improvements in procmail stop $HOME/.procmailrc
files being read from group writable directories

However, out-of-the box, RedHat has User Private Groups and
a umask of 002. Procmail complains, and won't read the
.procmailrc file, resulting in no processing. UPG is secure
(ish), but procmail can't distinguish between a secure setup
with group writable dirs and an insecure one.

See related problem with sendmail. I'll be happy to continue
discussion of this problem by e-mail.
Comment 1 Cristian Gafton 1999-08-30 02:50:59 UTC 
Fixed in procmail-3.13.1-4 and later ; available in rawhide. Will be
integrated in the next release
Note You need to log in before you can comment on or make changes to this bug.