Bug 3937 - User Private Groups and procmail security conflict.
User Private Groups and procmail security conflict.
Status: CLOSED NEXTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: procmail (Show other bugs)
6.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 1999-07-07 15:03 EDT by peterd
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 1999-08-29 22:50:45 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description peterd 1999-07-07 15:03:26 EDT
Have just upgraded to RedHat 6.0 from RedHat 5.2 and
procmail processing has stopped working.

The security improvements in procmail stop $HOME/.procmailrc
files being read from group writable directories

However, out-of-the box, RedHat has User Private Groups and
a umask of 002. Procmail complains, and won't read the
.procmailrc file, resulting in no processing. UPG is secure
(ish), but procmail can't distinguish between a secure setup
with group writable dirs and an insecure one.

See related problem with sendmail. I'll be happy to continue
discussion of this problem by e-mail.
Comment 1 Cristian Gafton 1999-08-29 22:50:59 EDT
Fixed in procmail-3.13.1-4 and later ; available in rawhide. Will be
integrated in the next release

Note You need to log in before you can comment on or make changes to this bug.