[Dovecot] Deliver EX_TEMPFAIL's without giving any information
Hi all.
I've had a hard time trying to find out why deliver isn't working after I've updated dovecot from v1.11 to v1.2.8. It just gave me EX_TEMPFAIL without any info in the logs. My deliver was setuid-root.
Once I made a simple shell wrapper script for the deliver executable that saves deliver's stdout and stderr, I found the reason:
/usr/local/libexec/dovecot/deliver must not be both world-executable and setuid-root. This allows root exploits. See http://wiki.dovecot.org/LDA#multipleuids
Did a 'chmod o-x deliver' and fixed groups/owners and now everything works as it should.
I think this error message should go to the log files, not just to stdout/stderr. And it's worth describing this behaviour in the Wiki.
Cheers, Denis
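As an added example (not part of the original thread or of Dovecot itself), the following POSIX shell script performs the check that deliver's own error message describes: it reports a binary that is both setuid and world-executable, and applies the same `chmod o-x` fix Denis used. The path /usr/local/libexec/dovecot/deliver is taken from the post; only the mode bits are checked, so the script also runs as a non-root user against a test file (it cannot confirm that the owner is root without root privileges).

```shell
#!/bin/sh
# Added example, not Dovecot's own code. Checks the permission combination
# that deliver refuses to run with: setuid (mode bit 4000) together with
# world execute (mode bit 0001). Default path taken from the mailing-list post.

DELIVER_DEFAULT=/usr/local/libexec/dovecot/deliver

# deliver_perms_unsafe FILE
# Returns 0 when FILE is setuid AND world-executable (the rejected state),
# 1 when it is not, 2 when FILE does not exist.
# POSIX find(1) -perm -MODE matches when all bits of MODE are set, so the
# two find calls print the path only when the respective bit is present.
deliver_perms_unsafe() {
    f=$1
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 2; }
    setuid=$(find "$f" -perm -4000 -print)
    worldx=$(find "$f" -perm -0001 -print)
    if [ -n "$setuid" ] && [ -n "$worldx" ]; then
        return 0
    fi
    return 1
}

# deliver_perms_fix FILE
# The fix from the thread: drop world execute so that only the owner (root)
# and the group the MTA runs deliver as can execute the setuid binary.
deliver_perms_fix() {
    chmod o-x "$1"
}

# deliver_perms_report [FILE]
# Human-readable wrapper: prints the problem and the fix, returns 1 if unsafe.
deliver_perms_report() {
    f=${1:-$DELIVER_DEFAULT}
    if deliver_perms_unsafe "$f"; then
        echo "$f is setuid and world-executable; run: chmod o-x $f"
        return 1
    fi
    echo "$f: ok"
}

# Stand-alone usage: check the default path, or the path given as $1.
if [ "${0##*/}" != "sh" ] && [ -z "$DELIVER_CHECK_LIBRARY" ]; then
    deliver_perms_report "$@"
fi
```

Run it as `sh check-deliver.sh` (or with an explicit path as the first argument). After `chmod o-x`, remember to make sure the group owning the file is the one your MTA invokes deliver as, and that the group has execute permission, or deliver will stop working for the MTA instead of for everyone else.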
On Tue, 2009-12-29 at 15:04 +0600, Denis Khromov wrote:
> /usr/local/libexec/dovecot/deliver must not be both world-executable and setuid-root. This allows root exploits. See http://wiki.dovecot.org/LDA#multipleuids .. I think this error message should go to log files, not just to stdout/stderr.
But that could be too late. Someone could create a mydovecot.conf that says log_path = /etc/passwd and run deliver -c mydovecot.conf and mess up the passwd file by having it log the above message to it, or something similar to that.
What could be possible is to also log it to syslog, but not everyone is using syslog and with the default mail facility. Seems like that could also cause trouble.
> And it's worth describing this behaviour in the Wiki.
Well, it only affects those people who upgrade from old version and actually have deliver set up as setuid-root. I don't think there are that many of those left. :)
participants (2)
- Denis Khromov
- Timo Sirainen