On 2019-03-25 1:32 a.m., Viktor Dukhovni wrote:
>> On Mar 24, 2019, at 8:17 PM, Simon Deziel <si...@sdeziel.info> wrote:
>>
>> I was not clear because my issue is indeed with those accesses before
>> privs get dropped. I noticed that tlsproxy accesses tlsmgr's socket
>> while still running as root so it depends on its CAP_DAC_READ_SEARCH
>> capability. My workaround to not need that cap was to change the perms
>> to be like:
>>
>> $ ls -ld /var/spool/postfix/private/
>> drwx--x--- 2 postfix root 4096 Mar 24 16:54 /var/spool/postfix/private/
>>
>> And with that group search bit on, the tlsproxy process no longer
>> depends on the CAP_DAC_READ_SEARCH cap to get to tlsmgr's socket.
>>
>> In other words, this group search bit allows to _not_ depend on the
>> CAP_DAC_READ_SEARCH which sounded like an improvement to me. That's what
>> I wanted to validate with the mailing list.
>
> Sorry, that breaks the Postfix internal access control model in unsupported
> ways. Root needs to be able to read the directory with its standard
> permissions.

OK, thank you.

Regards,
Simon
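
The directory-search check this thread turns on, modelled as an added example (not code from either poster or from Postfix). It is a simplified model of the Linux DAC decision for traversing a directory; the numeric ids, the function names and the 0700 "standard" mode are assumptions made for the illustration.

```python
"""Simplified model of the Linux DAC check for searching a directory.

Added illustration; all uids/gids below are constructed sample values.
"""
import stat

CAP_DAC_OVERRIDE = "CAP_DAC_OVERRIDE"
CAP_DAC_READ_SEARCH = "CAP_DAC_READ_SEARCH"


def can_search_dir(mode, owner_uid, owner_gid, proc_uid, proc_gids, caps=frozenset()):
    """Return (allowed, reason) for a path lookup through a directory.

    Exactly one permission class applies: owner, else group, else other.
    Only when that class lacks the search (x) bit does the decision fall
    back to the process's capabilities.
    """
    if proc_uid == owner_uid:
        cls, bit = "owner", stat.S_IXUSR
    elif owner_gid in proc_gids:
        cls, bit = "group", stat.S_IXGRP
    else:
        cls, bit = "other", stat.S_IXOTH
    if mode & bit:
        return True, f"{cls} search bit"
    for cap in (CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH):
        if cap in caps:
            return True, cap
    return False, f"no {cls} search bit and no DAC capability"


# Constructed ids: directory owned by postfix (uid 89), group root (gid 0).
POSTFIX_UID, ROOT = 89, 0
CASES = {
    # 0700 is assumed here as the mode before the change shown in the thread.
    "0700, root without DAC caps": (0o700, frozenset()),
    "0700, root with CAP_DAC_READ_SEARCH": (0o700, frozenset({CAP_DAC_READ_SEARCH})),
    "0710, root without DAC caps": (0o710, frozenset()),
}


def evaluate():
    """Run every case as a uid 0 / gid 0 process and collect the verdicts."""
    return {
        name: can_search_dir(mode, POSTFIX_UID, ROOT, ROOT, {ROOT}, caps)
        for name, (mode, caps) in CASES.items()
    }


if __name__ == "__main__":
    for name, (ok, why) in evaluate().items():
        print(f"{name}: {'allowed' if ok else 'denied'} ({why})")
```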