Bugtraq mailing list archives

Re: sendmail 8.8.4 and initgroups (fwd)


From: eric () sendmail org (Eric Allman)
Date: Fri, 13 Dec 1996 08:43:36 -0800


Thanks -- actually I have a somewhat different fix (attached), which
involves dropping the group list unconditionally on startup.  Also, I
don't believe your fix is actually secure; it has been demonstrated
to me that it is possible to force getpwuid to fail.  Since you simply
don't do the initgroups in this case, your fix can be tricked into
not dropping the group list.

You say that you submitted patches to fix this previously, but I have
no record of having gotten anything from you.  I'm sorry if I accidentally
deleted something you sent in; I am busy enough that I do occasionally
purge the wrong message.

eric


============= In Reply To: ===========================================
: From:  Michael Douglass <mikedoug () texas net>
: Subject:  sendmail 8.8.4 and initgroups (fwd)
: Date:  Thu, 12 Dec 1996 17:14:06 -0600 (CST)

: I guess ya'll would want this too; patches follow.
:
: Michael Douglass
: Texas Networking, Inc.
:
:  "The past is a foreign country; they do things differently there."
:       L. P. Hartley, British author. The Go-Between, Prologue (1953).
:
: ---------- Forwarded message ----------
: Date: Wed, 11 Dec 1996 15:57:20 -0600 (CST)
: From: Michael Douglass <mikedoug () texas net>
: To: bugtraq () netspace org
: Subject: sendmail 8.8.4 and initgroups
:
: Okay, call me annoying; but call me concerned...
:
: Why is it that the initgroups() is not done until deliver.c???  I'm confused.
: The *purpose* behind the setuid/setgid/initgroups is for security right?  So
: in main, you have:
:
:  if (OpMode != MD_DAEMON && OpMode != MD_FGDAEMON)
:         {
:                 /* drop privileges -- daemon mode done after socket/bind */
:                 if (RunAsGid != 0)
:                         (void) setgid(RunAsGid);
:                 if (RunAsUid != 0)
:                         (void) setuid(RunAsUid);
:         }
:
: and:
:
:                 /* drop privileges */
:                 if (RunAsGid != 0)
:                         (void) setgid(RunAsGid);
:                 if (RunAsUid != 0)
:                         (void) setuid(RunAsUid);
:
: So we set the uid and gid here; but we are *STILL* not calling initgroups
: here as we should.  There is no reason to keep all of those groups when
: we are explicitly saying "use this uid:gid"...  I submitted the patches
: to fix this the last time I brought up this initgroups() bug in 8.8.3 and
: was told "get 8.8.4"... Well, I got 8.8.4 and it's *still* not fixed.
:
: Here is some more info; I started 8.8.4 and then hand telnetted into the
: port.  Here is the credentials from the process:
:
: 21780:  e/r/suid=99  e/r/sgid=6
:         groups: 1 0 2 3 4 5 6 7 8 9 15 12
:
: *wrong-o-buddy*
:
: Michael Douglass
: Texas Networking, Inc.
:
:  "The past is a foreign country; they do things differently there."
:       L. P. Hartley, British author. The Go-Between, Prologue (1953).
:
:
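An added illustration, not sendmail's code and not Eric's attached patch: a privilege drop that clears the supplementary group list unconditionally before setgid()/setuid(), so it does not hinge on getpwuid() succeeding, plus a check that would have flagged the leftover groups in the credential dump quoted above. The function names, the use of setgroups(0, NULL) and the 256-entry buffer are assumptions of the example.

```c
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed from the credential dump quoted above: egid 6 with the
 * twelve supplementary groups that setgid()/setuid() left behind. */
static const gid_t sample_groups[] = { 1, 0, 2, 3, 4, 5, 6, 7, 8, 9, 15, 12 };
enum { SAMPLE_NGROUPS = 12 };

/* Count supplementary groups other than the intended run-as gid. */
int count_leaked_groups(const gid_t *groups, int ngroups, gid_t allowed)
{
    int leaked = 0;
    for (int i = 0; i < ngroups; i++)
        if (groups[i] != allowed)
            leaked++;
    return leaked;
}

/* Re-read the live credentials: 1 if they match uid:gid with no
 * extra supplementary groups, 0 otherwise (or if unreadable). */
int credentials_dropped(uid_t uid, gid_t gid)
{
    gid_t groups[256];            /* assumed large enough for any real list */
    int n = getgroups(256, groups);
    if (n < 0)
        return 0;
    return geteuid() == uid && getegid() == gid &&
           count_leaked_groups(groups, n, gid) == 0;
}

/* Drop to uid:gid. The group list is cleared first and unconditionally:
 * it does not depend on getpwuid() succeeding, and after setuid() the
 * process can no longer call setgroups(). Returns 0 only if every step
 * succeeded and the resulting credentials verify. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return credentials_dropped(uid, gid) ? 0 : -1;
}

int main(void)
{
    printf("leaked groups in sample: %d\n",
           count_leaked_groups(sample_groups, SAMPLE_NGROUPS, 6));
    printf("this process fully dropped: %s\n",
           credentials_dropped(geteuid(), getegid()) ? "yes" : "no");
    return 0;
}
```

Run as root it drops to the given identity; run unprivileged, setgroups() fails with EPERM and drop_privileges() returns -1 instead of continuing with the group list intact.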


