Red Hat Bugzilla – Bug 41912
/usr/cyrus/bin/deliver-wrapper is cyrus writable
Last modified: 2008-05-01 11:38:00 EDT
Description of Problem:
(rawhide powertools cyrus-imapd-2.0.9-3)
cyrus:mail owns /usr/cyrus/bin/deliver-wrapper (and the
program is setgid). Why is the program owned(writable) by cyrus ? If
somebody can get user cyrus permissions they can modify the program -->
possibility to gain more privileges.
(I haven't fully investigated the issue and apologize if this is a non
Closing, Power Tools no longer supported.