Gabor Kiss
2011-Jan-12 11:01 UTC
[Secure-testing-team] Bug#609762: amavisd-milter: Init script changes owner of current directory to ''amavis''
Package: amavisd-milter Version: 1.5.0-2 Severity: grave Tags: security Justification: user security hole After "sudo bash" I issued "/etc/init.d/amavisd-milter restart". What a surprise! My home directory got owned by user amavis. Running init script under bash -vx reveals the problem: [ $MILTERSOCKET ] && ([ -d $(dirname $MILTERSOCKET) ] || mkdir $(dirname $MILTERSOCKET) && chown $USER $(dirname $MILTERSOCKET)) + ''['' inet6:60001 '']'' dirname $MILTERSOCKET ++ dirname inet6:60001 + ''['' -d . '']'' dirname $MILTERSOCKET ++ dirname inet6:60001 + chown amavis . Yes, of course: the root directory is also owned by amavis(!!!) due to the first boot process since installing amavisd-milter package. :-( And some other random directories too that were cwd when starting daemon by hand. Gabor -- System Information: Debian Release: 5.0.7 APT prefers stable APT policy: (700, ''stable''), (500, ''proposed-updates'') Architecture: i386 (i686) Kernel: Linux 2.6.26-2-686 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Versions of packages amavisd-milter depends on: ii amavisd-new 1:2.6.4-1~bpo50+1 Interface between MTA and virus sc ii libc6 2.7-18lenny7 GNU C Library: Shared libraries ii libmilter1.0.1 8.14.3-5+lenny1 Sendmail Mail Filter API (Milter) Versions of packages amavisd-milter recommends: ii postfix 2.5.5-1.1 High-performance mail transport ag amavisd-milter suggests no packages. -- no debconf information