On Wednesday 20 July 2005 07:04, Robin H. Johnson wrote:
> For common operation of qmail-smtpd, vchkpw is NOT required. SMTP
> AUTH is the only reason qmail-smtpd would call vchkpw.

True.  Sorry for not realizing that.

> chsh has also been vetted for security problems a LOT more
> closely than vchkpw. I don't trust vchkpw with suid-root.

Then use suidctl?

> The postfix maintainers were asked about it once before, and the
> answer was that there wasn't enough demand for it. You're only
> the second person that's asked (that I am aware of).

...and I'm not actually asking for it, though it would be nice to be 
in the ebuild just for the sake of completeness.  I don't actually 
know anybody who uses postfix+vpopmail on the vpopmail list.

> This is decidedly not a good idea, unless vchkpw gets locked up
> more so that only specific things can run it (otherwise it can
> easily be used to brute-force passwords).

True.  Would the best way to do that be to only give the vpopmail 
group execute access to vchkpw, and then add qmail-smtpd to that 
group, but still have vchkpw suid?

It seems that su could be easily used to brute-force passwords, too, 
but it's suid by default.

Maybe what is needed is an extension to suidctl where emerge checks 
any installed binaries against things present in suidctl.conf that 
*should* be made suid if they're listed in there even if they're 
not suid by default?

Cheers,
-- 
Casey Allen Shobe | http://casey.shobe.info
[EMAIL PROTECTED] | cell 425-443-4653
AIM & Yahoo:  SomeLinuxGuy | ICQ:  1494523
SeattleServer.com, Inc. | http://www.seattleserver.com
-- 
gentoo-dev@gentoo.org mailing list
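
The layout asked about above (vchkpw kept setuid but executable only by its owner and the vpopmail group, i.e. mode 4750) can be told apart from a world-executable setuid binary by its mode bits. This is an added example, not part of the original message; the function names and the scratch files standing in for the binary are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report who can execute a setuid file.

# _has_bits FILE OCTAL -> true when every bit in OCTAL is set on FILE
_has_bits() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# suid_exposure FILE -> prints one of:
#   missing | not-suid | suid-world-exec | suid-group-exec | suid-owner-only
suid_exposure() {
    if [ ! -e "$1" ]; then echo missing
    elif ! _has_bits "$1" 4000; then echo not-suid
    elif _has_bits "$1" 0001; then echo suid-world-exec
    elif _has_bits "$1" 0010; then echo suid-group-exec
    else echo suid-owner-only
    fi
}

# Demo on constructed scratch files; no real binary is touched.
demo() {
    d=$(mktemp -d) || return 1
    for m in 4755 4750 4700 0755; do
        : > "$d/vchkpw-$m"
        chmod "$m" "$d/vchkpw-$m"
        printf '%s  %s\n' "$m" "$(suid_exposure "$d/vchkpw-$m")"
    done
    rm -rf "$d"
}
demo
```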