On Sun, Jan 10, 2010 at 05:06:56PM +0100, Christoph Anton Mitterer wrote:
> Not sure if this actually a hole or if I just misunderstand
> something,... but:
>
> In debian /usr/bin/maildrop ist installed:
> -rwxr-sr-x 1 root mail 163k Nov 9 01:11 /usr/bin/maildrop
>
> So I'd expect that the following invocation (as root!!):
> # maildrop -d vmail
> results in something like the following contents of /tmp/foo:
> uid=115(vmail) gid=119(vmail) groups=119(vmail),119(vmail)
> when ~vmail/.mailfilter is:
> `id`
>
> Right so far?
> It does however result in:
> uid=115(vmail) gid=0(root) groups=119(vmail),0(root)
> which can be quite security critical as it now has root-group
> privileges.
Hmm. It shouldn't have anything to do with the setgid bit, because it's
setgid to the mail group, not the root group.
I think we've had a bug report related to the supplementary groups once
before, maybe the patch somehow got lost, I'll need to check the history.
Sam?
--
2. That which causes joy or happiness.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
