Date:      Thu, 28 Sep 1995 12:27:12 -0700
From:      David Greenman <davidg@Root.COM>
To:        torstenb@freebsd.org
Cc:        batie@agora.rdrop.com (Alan Batie), core@freebsd.org, security@freebsd.org
Subject:   Re: smail patch 
Message-ID:  <199509281927.MAA01968@corbin.Root.COM>
In-Reply-To: Your message of "Thu, 28 Sep 95 18:30:26 BST." <m0syMmx-000OguC@ramsey.saar.de> 

>Alan Batie wrote:
>
>> > the sample configuration files that the smail port installs in
>> > /usr/local/lib/smail/ uses /usr/libexec/mail.local for delivery to local
>> > mailboxes (see the "local" transport in transports.sample) like sendmail.
>> 
>> That is a solution for that particular problem, but that patch, or something
>> similar, still needs to be applied.  For example, at work we have /usr/local
>> on a file server and use secondary configs for local customizations.  Since
>> apparently NFS requires a group, there will likely be problems.
>
>let me quote src/sysdep.c:
>
>>     * NOTE:  we assume that setgroups(0, (int *)NULL) has been called
>>     *	      to clear out any groups that may erroneously allow access
>>     *	      to the file.
>
>Not clearing the group access list opens a security hole.
>I don't have the time to look deeper at the smail sources now. Please
>post to comp.mail.smail...
>
>Sorry, but I won't change something that opens a new security hole...

   The first group in the group list is special. It is the effective gid of
the process. The change to do the setgroups(1, &dummy) is not a security hole.
The effective gid is set in various places, and one gid 'slot' must exist for
this to work correctly. It is not valid to set the group list to contain no
entries; NFS will not work without at least one gid in the list - and worse,
FreeBSD will panic because it can't handle this condition.
   Let me put this another way: If you don't fix the smail port, we *will*
have a major security hole as soon as I bring in the Lite-2 changes to
setgroups() as it WILL fail with EINVAL for setgroups(0, blah) and since
the return status of setgroups is not checked, the entire group list will
remain unchanged.
   Please commit the fix.

-DG
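
The failure mode described in the message above, as an added example that is not part of the original e-mail or of the smail sources. `sim_setgroups` is a constructed stand-in for a setgroups() that rejects an empty list with EINVAL; all function names and gid values here are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1            /* glibc: expose setgroups() */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Same shape as setgroups(2); injected so the failure path runs without root. */
typedef int (*setgroups_fn)(int, const gid_t *);

/* Constructed stand-in for the behaviour the message describes: an empty list
 * is rejected with EINVAL and the existing group list is left untouched. */
static gid_t sim_groups[4] = { 0, 5, 20, 31 };   /* constructed sample gids */
static int sim_ngroups = 4;

int sim_setgroups(int n, const gid_t *list)
{
    if (n < 1 || n > 4) { errno = EINVAL; return -1; }
    for (int i = 0; i < n; i++) sim_groups[i] = list[i];
    sim_ngroups = n;
    return 0;
}

/* Wrapper so the real call fits setgroups_fn on BSD (int) and glibc (size_t). */
int real_setgroups(int n, const gid_t *list) { return setgroups(n, list); }

/* The pattern at issue: ask for an empty list and ignore the result. */
void drop_groups_unchecked(setgroups_fn sg) { (void)sg(0, NULL); }

/* Checked form: keep exactly one slot and report failure, so the caller can
 * refuse to continue with the inherited group list. */
int drop_groups_checked(setgroups_fn sg, gid_t gid)
{
    return sg(1, &gid) == 0 ? 0 : -1;
}

int sim_group_count(void) { return sim_ngroups; }

int main(void)
{
    drop_groups_unchecked(sim_setgroups);
    printf("unchecked setgroups(0): %d groups still set\n", sim_group_count());
    if (drop_groups_checked(sim_setgroups, 65534) != 0) {   /* 65534: sample gid */
        perror("setgroups");
        return 1;
    }
    printf("checked setgroups(1):   %d group set\n", sim_group_count());
    return 0;
}
```

In a privileged program, pass `real_setgroups` instead of the stand-in and treat a nonzero return from `drop_groups_checked` as fatal before any delivery or file access.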


