Bugtraq mailing list archives
sendmail 8.8.4 and initgroups
From: mikedoug () texas net (Michael Douglass)
Date: Wed, 11 Dec 1996 15:57:20 -0600
Okay, call me annoying; but call me concerned... Why is it that the initgroups() is not done until deliver.c??? I'm confused. The *purpose* behind the setuid/setgid/initgroups is for security right? So in main, you have: if (OpMode != MD_DAEMON && OpMode != MD_FGDAEMON) { /* drop privileges -- daemon mode done after socket/bind */ if (RunAsGid != 0) (void) setgid(RunAsGid); if (RunAsUid != 0) (void) setuid(RunAsUid); } and: /* drop privileges */ if (RunAsGid != 0) (void) setgid(RunAsGid); if (RunAsUid != 0) (void) setuid(RunAsUid); So we set the uid and gid here; but we are *STILL* not calling initgroups here as we should. There is no reason to keep all of those groups when we are explicitly saying "use this uid:gid"... I submitted the patches to fix this the last time I brought up this initgroups() bug in 8.8.3 and was told "get 8.8.4"... Well, I got 8.8.4 and it's *still* not fixed. Here is some more info; I started 8.8.4 and then hand telnetted into the port. Here is the credentials from the process: 21780: e/r/suid=99 e/r/sgid=6 groups: 1 0 2 3 4 5 6 7 8 9 15 12 *wrong-o-buddy* Michael Douglass Texas Networking, Inc. "The past is a foreign country; they do things differently there." L. P. Hartley, British author. The Go-Between, Prologue (1953).
Current thread:
- sendmail 8.8.4 and initgroups Michael Douglass (Dec 11)