Package: maildrop
Justification: user security hole
Severity: grave
Tags: security
Hi.

Not sure if this is actually a hole or if I just misunderstand something... but:

In Debian /usr/bin/maildrop is installed:

-rwxr-sr-x 1 root mail 163k Nov 9 01:11 /usr/bin/maildrop

So I'd expect that the following invocation (as root!!):

# maildrop -d vmail

results in something like the following contents of /tmp/foo:

uid=115(vmail) gid=119(vmail) groups=119(vmail),119(vmail)

when ~vmail/.mailfilter is:

`id`

Right so far?

It does however result in:

uid=115(vmail) gid=0(root) groups=119(vmail),0(root)

which can be quite security critical as it now has root-group privileges.

Cheers,
Chris.
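The check the report performed with `id`, written as a privilege-drop routine plus a verifier that flags a leftover root gid; this is an added example, not maildrop's own code, and the uid/gid values 115 and 119 are taken from the report's `id` output.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Pure check over a credential snapshot: real and effective uid/gid must equal
 * the target and no supplementary group may be anything but the target gid.
 * Returns 1 when the drop is complete, 0 when any root (or foreign) id remains. */
int creds_fully_dropped(uid_t uid, uid_t euid, gid_t gid, gid_t egid,
                        const gid_t *groups, int ngroups,
                        uid_t target_uid, gid_t target_gid)
{
    if (uid != target_uid || euid != target_uid) return 0;
    if (gid != target_gid || egid != target_gid) return 0;
    for (int i = 0; i < ngroups; i++)
        if (groups[i] != target_gid) return 0;
    return 1;
}

/* Drop from root to the target in the only order that works: supplementary
 * groups first (needs root), then gid, then uid, then prove root is gone.
 * Returns 0 on success, -1 if any step failed. */
int drop_to(uid_t target_uid, gid_t target_gid)
{
    if (setgroups(1, &target_gid) != 0) return -1;   /* removes gid 0 from groups */
    if (setgid(target_gid) != 0) return -1;          /* must precede setuid */
    if (setuid(target_uid) != 0) return -1;
    if (setuid(0) == 0 || setgid(0) == 0) return -1; /* regaining root must fail */
    return 0;
}

/* Snapshot the live process and run the same check (what `id` showed above). */
int live_creds_fully_dropped(uid_t target_uid, gid_t target_gid)
{
    gid_t groups[64];
    int n = getgroups(64, groups);
    if (n < 0) return 0;
    return creds_fully_dropped(getuid(), geteuid(), getgid(), getegid(),
                               groups, n, target_uid, target_gid);
}

int main(void)
{
    /* 115/119 are the vmail uid/gid from the report; run as root to exercise. */
    if (geteuid() != 0) { puts("run as root to test the drop"); return 1; }
    if (drop_to(115, 119) != 0) { perror("drop_to"); return 1; }
    printf("drop complete: %s\n", live_creds_fully_dropped(115, 119) ? "yes" : "NO");
    return 0;
}
```

The verifier applied to the two `id` lines in the report accepts the expected one and rejects the observed one because gid 0 survives both as the primary gid and in the supplementary list.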