Thanks for this bug report; this will be addressed shortly.

Thomas

Falk Hackenberger wrote:
> Package: dkimproxy
> Version: 1.0.1-1
> Severity: serious
> Tags: security
> X-Debbugs-CC: [EMAIL PROTECTED]
> 
> --- Please enter the report below this line. ---
> 
> dkimproxy runs as user root, but it does not need the rights of the user
> root. To fix this, change /etc/init.d/dkimproxy:
> 
> 30,31c30,31
> < DKIMPROXY_IN_ARGS="--hostname=${DKIM_HOSTNAME} 127.0.0.1:10026
> 127.0.0.1:10027"
> < DKIMPROXY_OUT_ARGS="--keyfile=${DKIMPROXY_OUT_PRIVKEY}
> --selector=postfix --domain=${DOMAIN} --method=simple --signature=dkim
> --signature domainkeys 127.0.0.1:10028 127.0.0.1:10029"
> ---
>> DKIMPROXY_IN_ARGS="--hostname=${DKIM_HOSTNAME} 127.0.0.1:10026
> 127.0.0.1:10027 --user=${DKIMPROXYUSER} --group=${DKIMPROXYGROUP}"
>> DKIMPROXY_OUT_ARGS="--keyfile=${DKIMPROXY_OUT_PRIVKEY}
> --selector=postfix --domain=${DOMAIN} --method=simple --signature=dkim
> --signature domainkeys 127.0.0.1:10028 127.0.0.1:10029
> --user=${DKIMPROXYUSER} --group=${DKIMPROXYGROUP}"
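
Review bot: the replacement lines 30-31 append `--user=${DKIMPROXYUSER} --group=${DKIMPROXYGROUP}`, but nothing in this hunk defines either variable, so if they are unset the options expand to empty values (`--user=`) and the lines shown give no guarantee that the daemon leaves root. Define both variables next to the other settings in /etc/init.d/dkimproxy, or have the script exit when either is empty. The outbound instance also has to read `${DKIMPROXY_OUT_PRIVKEY}` once it no longer runs as root, so this change should be applied together with the group and mode change to private.key proposed further down in the report.
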
> 
> Also, the home dir of the user dkimproxy is
> /home/dkimproxy, but I think it should be /var/lib/dkimproxy.
> 
> The permissions of the secret key file are also unsafe.
> They are:
> -rw-r--r-- 1 root root 887 17. Apr 19:22 /var/lib/dkimproxy/private.key
> They should be imho:
> -rw-r----- 1 root dkimproxy 887 17. Apr 19:22 /var/lib/dkimproxy/private.key
> 
> --- System information. ---
> Architecture: i386
> Kernel:       Linux 2.6.24.4-1
> 
> Debian Release: lenny/sid
>   500 testing         www.debian-multimedia.org
>   500 testing         security.debian.org
>   500 testing         ftp.de.debian.org
>   500 stable          security.debian.org
> 
> --- Package information. ---
> Depends                      (Version) | Installed
> ======================================-+-==============
> adduser                                | 3.107
> liberror-perl                          | 0.17-1
> libmail-dkim-perl            (>= 0.29) | 0.30.1-1
> libnet-server-perl                     | 0.97-1
> libtext-wrapper-perl                   | 1.000-2
> lsb-base                               | 3.1-24
> openssl                                | 0.9.8g-8
> perl                     (>= 5.6.0-16) | 5.8.8-12
> 
> 
> 
> 
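
The key-file ownership and mode proposed in the report can be checked with a small audit script. This is an added example, not part of the thread or of the dkimproxy package; `check_key_perms` is a hypothetical helper, it assumes `stat -c` (GNU coreutils or busybox), and the demo file is a constructed stand-in for the real key.

```shell
#!/bin/sh
# Added example (not from the thread): audit a DKIM signing key against the
# ownership and mode proposed in the report: root:dkimproxy, -rw-r-----.
# check_key_perms is a hypothetical helper; it relies on `stat -c`.

# usage: check_key_perms FILE [OWNER] [GROUP]
# Prints one finding per problem. Returns 0 = ok, 1 = findings, 2 = no such file.
check_key_perms() {
    key=$1
    want_owner=${2:-root}
    want_group=${3:-dkimproxy}
    rc=0

    if [ ! -f "$key" ]; then
        echo "MISSING: $key"
        return 2
    fi

    mode=$(stat -c %a "$key")     # octal permission bits, e.g. 644
    owner=$(stat -c %U "$key")
    group=$(stat -c %G "$key")
    bits=$((0$mode))              # leading 0 makes the shell read it as octal

    # Any permission for "other" exposes the key to every local account.
    if [ $((bits & 07)) -ne 0 ]; then
        echo "WORLD-ACCESSIBLE: $key has mode $mode"; rc=1
    fi
    # The group only needs to read the key, never to replace it.
    if [ $((bits & 020)) -ne 0 ]; then
        echo "GROUP-WRITABLE: $key has mode $mode"; rc=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "OWNER: $key is owned by $owner, expected $want_owner"; rc=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "GROUP: $key has group $group, expected $want_group"; rc=1
    fi
    return $rc
}

# Demo on a constructed stand-in file with the mode shown in the report (0644).
demo_key=$(mktemp)
chmod 644 "$demo_key"
check_key_perms "$demo_key" || :
rm -f "$demo_key"
```

On an installed system the call would be `check_key_perms /var/lib/dkimproxy/private.key`, which uses the root:dkimproxy defaults from the report.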



