Josip Rodin writes:

> On Sun, Jan 10, 2010 at 05:06:56PM +0100, Christoph Anton Mitterer wrote:
> > Not sure if this is actually a hole or if I just misunderstand
> > something,... but:
> >
> > In Debian, /usr/bin/maildrop is installed:
> > -rwxr-sr-x 1 root mail 163k Nov  9 01:11 /usr/bin/maildrop
> >
> > So I'd expect that the following invocation (as root!!):
> > # maildrop -d vmail
> > results in something like the following contents of /tmp/foo:
> > uid=115(vmail) gid=119(vmail) groups=119(vmail),119(vmail)
> > when ~vmail/.mailfilter is:
> > `id`
> >
> > Right so far?
> > It does however result in:
> > uid=115(vmail) gid=0(root) groups=119(vmail),0(root)
> > which can be quite security critical as it now has root-group
> > privileges.
>
> Hmm. It shouldn't have anything to do with the setgid bit, because it's
> setgid to the mail group, not the root group.
>
> I think we've had a bug report related to the supplementary groups once
> before, maybe the patch somehow got lost, I'll need to check the history.
> Sam?

This depends on the maildrop configuration, but generally setgroupid won't have any effect if maildrop is invoked as root, since maildrop will use the userid specified by the -d option to set its running group and userid anyway.
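
Added example, not part of the thread and not maildrop code: a Python check that parses `id` output like the two lines quoted in the report and lists every group the delivery process holds beyond the target user's own. The function names and the `allowed_groups` parameter are assumptions made for illustration; the two sample lines are copied from the report.

```python
import re

# The two id(1) lines quoted in the report above.
EXPECTED = "uid=115(vmail) gid=119(vmail) groups=119(vmail),119(vmail)"
OBSERVED = "uid=115(vmail) gid=0(root) groups=119(vmail),0(root)"

_FIELD = re.compile(r"\b(uid|gid|groups)=(\S+)")
_ENTRY = re.compile(r"(\d+)(?:\([^)]*\))?")


def parse_id(line):
    """Parse one line of id(1) output into numeric uid, gid and group set."""
    fields = dict(_FIELD.findall(line))
    missing = {"uid", "gid", "groups"} - fields.keys()
    if missing:
        raise ValueError(f"not id(1) output, missing {sorted(missing)}: {line!r}")

    def numbers(value):
        out = []
        for entry in value.split(","):
            m = _ENTRY.fullmatch(entry)
            if m is None:
                raise ValueError(f"malformed entry {entry!r}")
            out.append(int(m.group(1)))
        return out

    return {"uid": numbers(fields["uid"])[0],
            "gid": numbers(fields["gid"])[0],
            "groups": set(numbers(fields["groups"]))}


def audit_drop(line, want_uid, want_gid, allowed_groups=()):
    """Return findings for credentials that differ from the intended drop."""
    creds = parse_id(line)
    findings = []
    if creds["uid"] != want_uid:
        findings.append(f"uid is {creds['uid']}, expected {want_uid}")
    if creds["gid"] != want_gid:
        findings.append(f"gid is {creds['gid']}, expected {want_gid}")
    # Anything outside the primary group and the explicit allow-list is a leak.
    extra = sorted(creds["groups"] - {want_gid, *allowed_groups})
    if extra:
        findings.append(f"unexpected supplementary groups: {extra}")
    return findings


if __name__ == "__main__":
    for label, line in (("expected", EXPECTED), ("observed", OBSERVED)):
        print(label, audit_drop(line, want_uid=115, want_gid=119) or "ok")
```
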

