Bugtraq mailing list archives
Re: sendmail 8.8.4 and initgroups (fwd)
From: eric () sendmail org (Eric Allman)
Date: Fri, 13 Dec 1996 08:43:36 -0800
Thanks -- actually I have a somewhat different fix (attached), which
involves dropping the group list unconditionally on startup.

Also, I don't believe your fix is actually secure; it has been
demonstrated to me that it is possible to force getpwuid to fail.
Since you simply don't do the initgroups in this case, your fix can be
tricked into not dropping the group list.

You say that you submitted patches to fix this previously, but I have
no record of having gotten anything from you. I'm sorry if I
accidentally deleted something you sent in; I am busy enough that I do
occasionally purge the wrong message.

eric

============= In Reply To: ===========================================
: From: Michael Douglass <mikedoug () texas net>
: Subject: sendmail 8.8.4 and initgroups (fwd)
: Date: Thu, 12 Dec 1996 17:14:06 -0600 (CST)
:
: I guess y'all would want this too; patches follow.
:
: Michael Douglass
: Texas Networking, Inc.
:
: "The past is a foreign country; they do things differently there."
: L. P. Hartley, British author. The Go-Between, Prologue (1953).
:
: ---------- Forwarded message ----------
: Date: Wed, 11 Dec 1996 15:57:20 -0600 (CST)
: From: Michael Douglass <mikedoug () texas net>
: To: bugtraq () netspace org
: Subject: sendmail 8.8.4 and initgroups
:
: Okay, call me annoying; but call me concerned...
:
: Why is it that the initgroups() is not done until deliver.c??? I'm confused.
: The *purpose* behind the setuid/setgid/initgroups is for security, right? So
: in main, you have:
:
:     if (OpMode != MD_DAEMON && OpMode != MD_FGDAEMON)
:     {
:         /* drop privileges -- daemon mode done after socket/bind */
:         if (RunAsGid != 0)
:             (void) setgid(RunAsGid);
:         if (RunAsUid != 0)
:             (void) setuid(RunAsUid);
:     }
:
: and:
:
:     /* drop privileges */
:     if (RunAsGid != 0)
:         (void) setgid(RunAsGid);
:     if (RunAsUid != 0)
:         (void) setuid(RunAsUid);
:
: So we set the uid and gid here; but we are *STILL* not calling initgroups
: here as we should. There is no reason to keep all of those groups when
: we are explicitly saying "use this uid:gid"... I submitted the patches
: to fix this the last time I brought up this initgroups() bug in 8.8.3 and
: was told "get 8.8.4"... Well, I got 8.8.4 and it's *still* not fixed.
:
: Here is some more info; I started 8.8.4 and then hand telnetted into the
: port. Here are the credentials from the process:
:
:     21780:  e/r/suid=99  e/r/sgid=6
:     groups: 1 0 2 3 4 5 6 7 8 9 15 12
:
: *wrong-o-buddy*
:
: Michael Douglass
: Texas Networking, Inc.
:
: "The past is a foreign country; they do things differently there."
: L. P. Hartley, British author. The Go-Between, Prologue (1953).
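The point the two messages circle around is the order and the unconditional nature of a privilege drop: the supplementary group list and the gid can only be changed while the process is still privileged, so they must go before setuid(), and clearing the list must not depend on a lookup (getpwuid()/initgroups()) that can be made to fail. The following is an added example written for this archive page; it is neither sendmail's code nor the patch Eric refers to as attached, and every function name in it (drop_privileges, drop_and_verify, groups_only, supplementary_groups_are_only, print_credentials) is the example's own. It replaces the inherited list with exactly {gid} via setgroups(), drops gid then uid, checks that root cannot be regained, and then audits the live credentials the way the "e/r/suid=99 ... groups: 1 0 2 3 ..." dump in the thread does.

```c
/* Added example, not sendmail code and not the patch Eric refers to:
 * the privilege-drop sequence the thread argues for, with the
 * supplementary group list replaced unconditionally rather than only
 * when a getpwuid() lookup succeeds. All function names are this
 * example's own. Build: cc -o dropgroups dropgroups.c */
#define _DEFAULT_SOURCE          /* setgroups()/getgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Pure check used by the audit below: 1 if every entry equals `allowed`
 * (an empty list also passes), 0 if any inherited group survived. */
int groups_only(const gid_t *groups, int n, gid_t allowed)
{
    for (int i = 0; i < n; i++)
        if (groups[i] != allowed)
            return 0;
    return 1;
}

/* Read the process's live supplementary list and audit it.
 * Returns 1 if only `allowed` remains, 0 if not, -1 on getgroups() error. */
int supplementary_groups_are_only(gid_t allowed)
{
    int n = getgroups(0, NULL);           /* count first, then fetch */
    if (n < 0)
        return -1;
    gid_t *list = calloc((size_t)n + 1, sizeof *list);
    if (list == NULL)
        return -1;
    n = getgroups(n + 1, list);
    int ok = (n < 0) ? -1 : groups_only(list, n, allowed);
    free(list);
    return ok;
}

/* Drop to uid:gid. Order matters: the group list and gid can only be
 * changed while still privileged, so they go first; uid goes last.
 * Returns 0 on success, -1 with errno set on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Unconditional: there is no getpwuid()/initgroups() step that can be
     * made to fail, so an inherited list such as the "1 0 2 3 4 5 6 7 8 9
     * 15 12" shown in the thread cannot survive. The list becomes exactly {gid}. */
    if (setgroups(1, &gid) != 0)
        return -1;                        /* EPERM if not privileged */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* A drop from root must be irreversible: regaining uid 0 is a bug. */
    if (uid != 0 && setuid(0) == 0) {
        errno = EACCES;
        return -1;
    }
    return 0;
}

/* Drop and audit. 0 = verified drop; -1 = the drop itself failed
 * (typically not root); -2 = ids or groups are not what was requested. */
int drop_and_verify(uid_t uid, gid_t gid)
{
    if (drop_privileges(uid, gid) != 0)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -2;
    if (supplementary_groups_are_only(gid) != 1)
        return -2;
    return 0;
}

/* Print the credentials in the shape of the thread's dump:
 * ids first, then the supplementary group list. */
void print_credentials(FILE *out)
{
    fprintf(out, "uid=%u euid=%u gid=%u egid=%u groups:",
            (unsigned)getuid(), (unsigned)geteuid(),
            (unsigned)getgid(), (unsigned)getegid());
    int n = getgroups(0, NULL);
    gid_t *list = n > 0 ? calloc((size_t)n, sizeof *list) : NULL;
    if (list != NULL && (n = getgroups(n, list)) > 0)
        for (int i = 0; i < n; i++)
            fprintf(out, " %u", (unsigned)list[i]);
    free(list);
    fputc('\n', out);
}

/* Usage: ./dropgroups [uid gid]   (dropping requires starting as root) */
int main(int argc, char **argv)
{
    uid_t uid = argc > 2 ? (uid_t)strtoul(argv[1], NULL, 10) : getuid();
    gid_t gid = argc > 2 ? (gid_t)strtoul(argv[2], NULL, 10) : getgid();
    fputs("before: ", stdout);
    print_credentials(stdout);
    int rc = drop_and_verify(uid, gid);
    fputs("after:  ", stdout);
    print_credentials(stdout);
    if (rc != 0)
        fprintf(stderr, "drop failed (%d): %s\n", rc,
                rc == -1 ? strerror(errno) : "credentials not as requested");
    return rc == 0 ? 0 : 1;
}
```

Run as root with a target uid and gid (for instance the daemon's RunAsUser values) and compare the "before" and "after" lines: the "after" group list should contain only the requested gid. Run as an unprivileged user, setgroups() fails with EPERM and the program reports that the drop itself failed rather than silently continuing with the inherited groups, which is exactly the failure mode Eric objects to in a fix that skips initgroups() when getpwuid() fails.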