search for: multipleuids

...s I don't run deliver SetUID root. But for whatever reason, when deliver is called by something that IS SetUID root I get the following error: /usr/local/libexec/dovecot/deliver must not be both world-executable and setuid-root. This allows root exploits. See http://wiki.dovecot.org/LDA#multipleuids Deliver's permissions look like this: -r-xr-xr-x While the program calling deliver has permissions like this: -r-s--x--- If it isn't possible for deliver to differentiate between being called by setuid root programs and being setuid root itself I don't think it should be doing...

.... Once I've made a simple shell wrapper script for the deliver executable which saves deliver's stdout+stderr, I've found the reason: /usr/local/libexec/dovecot/deliver must not be both world-executable and setuid-root. This allows root exploits. See http://wiki.dovecot.org/LDA#multipleuids Did a 'chmod o-x deliver' and fixed groups/owners and now everything works as it should. I think this error message should go to log files, not just to stdout/stderr. And it's worth to describe this behaviour in the Wiki. Cheers, Denis

I am familiar with this article http://wiki.dovecot.org/LDA#multipleuids I want to disable setuid-root, but I don't know the default group and permissions. sudo chgrp root /usr/libexec/dovecot/dovecot-lda sudo chmod 00750 /usr/libexec/dovecot/dovecot-lda but my delivery is still failing Nov 9 18:22:39 vl42 postfix/pipe[23039]: DEC54700B1: to=<user at domain....

Hi list I am just experimenting with seting up my own email server. I want some tips and hints on how to secure my setup to prevent unauthorised assess to my email. I have read through the wiki and have not found many tips. I hope to improve the wiki with tips gathered from the emailing list. :-) A basic measurement I could take right now would be to set more secure file premissions on my

I've been messing with this for too long, now, and I'm blind to whatever's wrong. Or I'm simply being dense. Either way, I need help with a common issue. I'm trying to get Postfix+Spamassassin+Dovecot going on Fedora 10. (I'll get back to the global Sieve thingy soon, but I need to get this going, first.) When using the simple: mailbox_command =

Hey Everyone, I?m down to 1 last error that I know I created on my own but I can?t figure out how to fix it? Here is the error that I?m getting: Apr 3 04:29:37 ip-172-31-24-2 postfix/qmgr[20458]: EFE01423E2: from=<me at spike.net>, size=359, nrcpt=1 (queue active) Apr 3 04:29:37 ip-172-31-24-2 dovecot: lda(beth at primelashdiva.info): Fatal: setresgid(89(postfix),89(postfix),97(dovecot))