[3785] in bugtraq
sendmail 8.8.4 and initgroups
daemon@ATHENA.MIT.EDU (Michael Douglass)
Thu Dec 12 02:24:29 1996
Date: Wed, 11 Dec 1996 15:57:20 -0600
Reply-To: Michael Douglass <mikedoug@texas.net>
From: Michael Douglass <mikedoug@texas.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
Okay, call me annoying; but call me concerned...
Why is it that the initgroups() is not done until deliver.c??? I'm confused.
The *purpose* behind the setuid/setgid/initgroups is for security right? So
in main, you have:

    if (OpMode != MD_DAEMON && OpMode != MD_FGDAEMON)
    {
        /* drop privileges -- daemon mode done after socket/bind */
        if (RunAsGid != 0)
            (void) setgid(RunAsGid);
        if (RunAsUid != 0)
            (void) setuid(RunAsUid);
    }

and:

    /* drop privileges */
    if (RunAsGid != 0)
        (void) setgid(RunAsGid);
    if (RunAsUid != 0)
        (void) setuid(RunAsUid);

So we set the uid and gid here; but we are *STILL* not calling initgroups
here as we should. There is no reason to keep all of those groups when
we are explicitly saying "use this uid:gid"... I submitted the patches
to fix this the last time I brought up this initgroups() bug in 8.8.3 and
was told "get 8.8.4"... Well, I got 8.8.4 and it's *still* not fixed.
Here is some more info; I started 8.8.4 and then hand telnetted into the
port. Here are the credentials from the process:

    21780: e/r/suid=99 e/r/sgid=6
    groups: 1 0 2 3 4 5 6 7 8 9 15 12

*wrong-o-buddy*
Michael Douglass
Texas Networking, Inc.
"The past is a foreign country; they do things differently there."
L. P. Hartley, British author. The Go-Between, Prologue (1953).
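
The ordering the post asks for, as an added example (not part of the original message and not sendmail's code): reset the supplementary groups with initgroups() before setgid() and setuid(), then audit a group list like the one shown above. The function names are hypothetical, and the example assumes gid 6 is the only group the RunAs account is entitled to.

```c
#define _DEFAULT_SOURCE /* exposes initgroups() on glibc */
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Count supplementary groups in `current` that are not in `allowed`,
 * i.e. groups inherited from the parent that the target account
 * should not hold after the privilege drop. */
int count_leftover_groups(const gid_t *current, int ncur,
                          const gid_t *allowed, int nallowed)
{
    int leftover = 0;
    for (int i = 0; i < ncur; i++) {
        int ok = 0;
        for (int j = 0; j < nallowed; j++)
            if (current[i] == allowed[j]) { ok = 1; break; }
        if (!ok)
            leftover++;
    }
    return leftover;
}

/* Drop from root to uid:gid. Order matters: supplementary groups first,
 * then gid, then uid, because once setuid() succeeds the process no
 * longer has the privilege to change its groups.
 * Returns 0 on success, -1 on any failure (caller should exit). */
int drop_privileges(uid_t uid, gid_t gid)
{
    struct passwd *pw = getpwuid(uid);
    if (pw == NULL) return -1;
    if (initgroups(pw->pw_name, gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify the drop is permanent: regaining root must fail. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

int main(void)
{
    /* Group list copied from the process listing in the post. */
    gid_t seen[] = {1, 0, 2, 3, 4, 5, 6, 7, 8, 9, 15, 12};
    gid_t allowed[] = {6}; /* assumption: account belongs only to gid 6 */
    printf("leftover groups: %d\n", count_leftover_groups(seen, 12, allowed, 1));
    return 0;
}
```

Unlike the `(void)` casts in the quoted code, every return value here is checked, so a failed drop is reported instead of leaving the process running with its old credentials.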