Re: [maildropl] Re: maildrop/mysql, signal 0x0B (only with postfix) - Tony Earnshaw - net.sourceforge.lists.courier-maildrop

4 messages in net.sourceforge.lists.courier-maildropRe: [maildropl] Re: maildrop/mysql, s...

From	Sent On	Attachments
Joris mak	May 21, 2004 4:19 pm
Joris mak	May 22, 2004 4:39 am
Tony Earnshaw	May 22, 2004 7:57 am
Matthew R J Anderson	May 27, 2004 8:57 am

	Permalink for this message Paste this link in email or IM:
	Permalink for this thread Paste this link in email or IM:
	Atom feed for this thread Paste this URL into your reader:

Subject:	Re: [maildropl] Re: maildrop/mysql, signal 0x0B (only with postfix)	Actions...
From:	Tony Earnshaw (ton...@billy.demon.nl)
Date:	May 22, 2004 7:57:45 am
List:	net.sourceforge.lists.courier-maildrop

lør, 22.05.2004 kl. 13.39 skrev Joris mak: [...]

Sooo... changed the owner of the maildrop binary to root, and set the +s flag. Everything works fine now.

But setting setsuid, is that the correct thing todo?

Maildrop - 1.6.3 w/LDAP support and called by dspam 2.10.6 out of Postfix 2.1 - has only ever worked properly for me with perms 6755 - suid/sgid. Same with dspam. As long as maildrop/dspam run on dedicated systems with no user shell access or vulnerable, network-accessible daemons, suid/sgid can't IMHO do much harm, but vulnerable daemons (proved buffer overflow, ASN.1 or other vulnerabilities such as user shell-access) would make suid/sgid questionable. I'd welcome any security expert's views on this.

--Tonni

We make out of the quarrel with others rhetoric but out of the quarrel with ourselves, poetry.

mail: ton...@billy.demon.nl http://www.billy.demon.nl

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets
	Permalink to these results Paste this link in email or IM:
	Atom feed for tracking future search results Paste this URL into your reader: