Bug#476576: marked as done ([dkimproxy] dkimproxy run as user root and not as user dkimproxy, also the home dir of user dkimproxy is posible wrong location, unsafe secret key permission)

[Debian Bug Tracking System]

Your message dated Fri, 18 Apr 2008 23:02:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#476576: fixed in dkimproxy 1.0.1-5
has caused the Debian Bug report #476576,
regarding [dkimproxy] dkimproxy run as user root and not as user dkimproxy, 
also the home dir of user dkimproxy is posible wrong location, unsafe secret 
key permission
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
476576: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476576
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

--- Begin Message ---

Package: dkimproxy
Version: 1.0.1-1
Severity: serious
Tags: security
X-Debbugs-CC: [EMAIL PROTECTED]

--- Please enter the report below this line. ---

dkimproxy runs as user root, but it dos not need the rigths of the user root, to fix this change /etc/init.d/dkimproxy:

30,31c30,31

< DKIMPROXY_IN_ARGS="--hostname=${DKIM_HOSTNAME} 127.0.0.1:10026 127.0.0.1:10027" < DKIMPROXY_OUT_ARGS="--keyfile=${DKIMPROXY_OUT_PRIVKEY} --selector=postfix --domain=${DOMAIN} --method=simple --signature=dkim --signature domainkeys 127.0.0.1:10028 127.0.0.1:10029"

---

> DKIMPROXY_IN_ARGS="--hostname=${DKIM_HOSTNAME} 127.0.0.1:10026 127.0.0.1:10027 --user=${DKIMPROXYUSER} --group=${DKIMPROXYGROUP}" > DKIMPROXY_OUT_ARGS="--keyfile=${DKIMPROXY_OUT_PRIVKEY} --selector=postfix --domain=${DOMAIN} --method=simple --signature=dkim --signature domainkeys 127.0.0.1:10028 127.0.0.1:10029 --user=${DKIMPROXYUSER} --group=${DKIMPROXYGROUP}"

also the home dir of the user dkimproxy is
/home/dkimproxy but I think it should be /var/lib/dkimproxy

the permission of the secret key file are also unsafe,
the are:
-rw-r--r-- 1 root root 887 17. Apr 19:22 /var/lib/dkimproxy/private.key
the should be imho:
-rw-r----- 1 root dkimproxy 887 17. Apr 19:22 /var/lib/dkimproxy/private.key

--- System information. ---
Architecture: i386
Kernel:       Linux 2.6.24.4-1

Debian Release: lenny/sid
  500 testing         www.debian-multimedia.org
  500 testing         security.debian.org
  500 testing         ftp.de.debian.org
  500 stable          security.debian.org

--- Package information. ---
Depends                      (Version) | Installed
======================================-+-==============
adduser                                | 3.107
liberror-perl                          | 0.17-1
libmail-dkim-perl            (>= 0.29) | 0.30.1-1
libnet-server-perl                     | 0.97-1
libtext-wrapper-perl                   | 1.000-2
lsb-base                               | 3.1-24
openssl                                | 0.9.8g-8
perl                     (>= 5.6.0-16) | 5.8.8-12

--- End Message ---

--- Begin Message ---

Source: dkimproxy
Source-Version: 1.0.1-5

We believe that the bug you reported is fixed in the latest version of
dkimproxy, which is due to be installed in the Debian FTP archive:

dkimproxy_1.0.1-5.diff.gz
  to pool/main/d/dkimproxy/dkimproxy_1.0.1-5.diff.gz
dkimproxy_1.0.1-5.dsc
  to pool/main/d/dkimproxy/dkimproxy_1.0.1-5.dsc
dkimproxy_1.0.1-5_all.deb
  to pool/main/d/dkimproxy/dkimproxy_1.0.1-5_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <[EMAIL PROTECTED]> (supplier of updated dkimproxy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 18 Apr 2008 08:21:14 +0000
Source: dkimproxy
Binary: dkimproxy
Architecture: source all
Version: 1.0.1-5
Distribution: unstable
Urgency: low
Maintainer: Thomas Goirand <[EMAIL PROTECTED]>
Changed-By: Thomas Goirand <[EMAIL PROTECTED]>
Description: 
 dkimproxy  - an SMTP-proxy that signs and/or verifies emails, using the Mail::
Closes: 476576
Changes: 
 dkimproxy (1.0.1-5) unstable; urgency=low
 .
   * dkimproxy now runs under the privileges of it's user, and the private key
     has now lower rights so only root can read it (Closes: #476576).
Checksums-Sha1: 
 d8ba4790b1f5a0c59ce21ef7d8e8bae6a07c681e 1090 dkimproxy_1.0.1-5.dsc
 a07ceb29c85588c12f08b9c56fd585260765f11c 8908 dkimproxy_1.0.1-5.diff.gz
 df75bd5ab4c8a7717bc3b7941524b259f9389a68 33976 dkimproxy_1.0.1-5_all.deb
Checksums-Sha256: 
 7be5d656e9bf1cfa2fd9d4a384652c41152258cf7740950cafc63654c98eadac 1090 
dkimproxy_1.0.1-5.dsc
 b6d5b949d77a14a4e0d0bac7755188674f7acb5781f2416a15b052d962b47971 8908 
dkimproxy_1.0.1-5.diff.gz
 4d4e11e997a5128d006636d35e704ebcc0fd9e3d27764b3ace6b835f009e7e2a 33976 
dkimproxy_1.0.1-5_all.deb
Files: 
 e8cc87600e511dd571f60e8d998a94cc 1090 mail optional dkimproxy_1.0.1-5.dsc
 bcaff2e84fb3cddf217a9d6cd28e4386 8908 mail optional dkimproxy_1.0.1-5.diff.gz
 7a61438c00a1b0805ade4eb825e60988 33976 mail optional dkimproxy_1.0.1-5_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFICSWH5SXWIKfIlGQRAnwUAKDFnes9yxqU3omyIVaMa3xdabQFGwCgt52n
IcMS8nEDt3ZshdzfkOdlP90=
=S5OD
-----END PGP SIGNATURE-----

--- End Message ---