[20727] in bugtraq
Re: Unsafe assumptions (Re: Mail delivery...)
daemon@ATHENA.MIT.EDU (Marcus Meissner)
Sat May 19 22:05:58 2001
Date: Sat, 19 May 2001 22:14:51 +0200
From: Marcus Meissner <Marcus.Meissner@caldera.de>
To: Olaf Titz <olaf@bigred.inka.de>
Cc: bugtraq@securityfocus.com
Message-ID: <20010519221451.A20566@caldera.de>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="tKW2IUtsqtDRztdT"
Content-Disposition: inline
In-Reply-To: <E1515WW-00005q-00@g212.hadiko.de>; from olaf@bigred.inka.de on Sat, May 19, 2001 at 02:07:47PM +0200
--tKW2IUtsqtDRztdT
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Sat, May 19, 2001 at 02:07:47PM +0200, Olaf Titz wrote:
> > local delivery agent(s). After all that's all you've got with "*.lock"
> > files, since they too are only advisory locks. Putting them into the
> > kernel simply makes it possible to eliminate the risk of a mode 01777
> > spool directory. (The risk is already quite low of course if you
> > pre-create all mailbox spool files, and especially if you write careful
> > lock validation code in the local delivery agent. Kernel locks simply
> > make the code for safe local delivery less complex.)
>
> Not quite. Any scheme which relies on pre-existing mailboxes would
> also have to make sure that the owner of the mailbox cannot remove it.
> This means not only standard MUAs but also "rm", "mv"[1], accidental
> mistakes or user-installed MUAs. As I see it this is pretty much
> impossible to guarantee.
>
> So reliance on pre-existing mailboxes is inherently unsafe because it
> relies on assumptions which can not be guaranteed, regardless of
> useradd programs etc.
The solution to that is very simple:
- Create /var/mail/ with mode 775, root.mail owned.
- Write a small helper program, which is setgid mail, which just touches
a file with the calling user's username in /var/mail/.
In fact, we use the appended helper (setgid mail) in Caldera OpenLinux now.
Ciao, Marcus
--
_____ ___
/ __/____/ / Caldera (Deutschland) GmbH
/ /_/ __ / /__ Naegelsbachstr. 49c, 91052 Erlangen
/_____//_/ /____/ Dipl. Inf. Marcus Meissner, email: mm@caldera.de
==== /_____/ ====== phone: ++49 9131 7912-300, fax: ++49 9131 7192-399
Caldera OpenLinux
--tKW2IUtsqtDRztdT
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="createmailfolder.c"
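#include <stdio.h>
#include <stdlib.h>
#include <string.h>     /* strlen, strcpy, strcat */
#include <unistd.h>     /* getuid, close */
#include <paths.h>      /* _PATH_MAILDIR */
#include <fcntl.h>      /* open, O_* flags */
#include <sys/types.h>
#include <sys/stat.h>   /* umask */
#include <pwd.h>

int
main(int argc, char **argv) {
    struct passwd *pwent;
    char *fn;
    int fd;

    /* Look up the real uid, so the file name is always the caller's own. */
    pwent = getpwuid(getuid());
    if (!pwent)
        exit(1);
    if (!pwent->pw_name)
        exit(1);
    /* Room for _PATH_MAILDIR + "/" + username + terminating NUL. */
    fn = malloc(strlen(_PATH_MAILDIR)+strlen(pwent->pw_name)+2);
    if (!fn)
        exit(1);
    strcpy(fn,_PATH_MAILDIR);
    strcat(fn,"/");
    strcat(fn,pwent->pw_name);
    umask(0117);
    /* O_EXCL: create only if absent; fails on an existing file or symlink. */
    fd = open(fn,O_CREAT|O_RDWR|O_EXCL,0660);
    /* ignore errors, in case it already is present for instance. */
    if (fd >= 0)
        close(fd);
    exit(0);
}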
--tKW2IUtsqtDRztdT--
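
The delivery-agent side of the same scheme, as an added example that is not part of the original post or of Caldera's code: before appending, confirm that the spool file is the kind of object the helper above creates. The function name `open_mailbox_checked` and the `/tmp` demo path are assumptions made for illustration.

```c
/* Added example: validate a pre-created mailbox before delivering to it. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, mkstemp */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: returns an append-only fd, or -1 if the spool file
 * is not a plain, singly linked, mode <= 0660 file owned by `owner`. */
int open_mailbox_checked(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW: refuse a symlink as the final path component.
     * O_NONBLOCK: do not hang if the name turns out to be a FIFO. */
    int fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat the descriptor, not the name, so the checks apply to the
     * object that will actually be written to. */
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||          /* no devices, FIFOs, directories */
        st.st_uid != owner ||            /* must belong to the recipient */
        st.st_nlink != 1 ||              /* no second name for the same file */
        (st.st_mode & 07777 & ~0660)) {  /* nothing beyond rw for user/group */
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char path[] = "/tmp/mboxdemoXXXXXX";  /* constructed sample spool file */
    int tmp = mkstemp(path);              /* created mode 0600, owned by us */
    if (tmp < 0)
        return 1;
    close(tmp);
    int fd = open_mailbox_checked(path, geteuid());
    printf("own file: %s\n", fd >= 0 ? "accepted" : "rejected");
    if (fd >= 0)
        close(fd);
    unlink(path);
    return 0;
}
```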