Displaying 20 results from an estimated 2000 matches similar to: "Re: Re: Security Concern.."
1997 Sep 16
8
Re: Security Concern..
[Mod: This message is a reason *why* linux-security is a moderated list. This
is also a reason why Rogier, myself, Alan Cox and others really do not want
to have completely open lists that deal with security related aspects of
running a system as way too many people just jump to conclusions and give
suggestions without doing any research on a subject. -- alex (co-moderator
of
2019 Sep 11
1
Need to update gcc to version >=6 on CentOS 7 ?
Nope. Did that too.
I'm up and running.
On Wed, Sep 11, 2019 at 13:06 Gordon Messmer <gordon.messmer at gmail.com> wrot
> On 9/11/19 9:50 AM, John Chludzinski wrote:
> > $ sudo yum install devtoolset-7
> > No package devtoolset-7 available.
> > Error: Nothing to do
>
>
> You've skipped step #1: sudo yum install centos-release-scl
>
>
2009 Oct 27
1
SetUID check problem
Running dovecot 1.2.4 on FreeBSD using Postfix. Everything works fine
normally, but deliver is executable by world.
This is not normally a problem, as I don't run deliver SetUID root.
But for whatever reason, when deliver is called by something that IS
SetUID root I get the following error:
/usr/local/libexec/dovecot/deliver must not be both world-executable
and setuid-root. This
2018 Jul 06
2
Does anyone use UsePrivilegedPort=yes or setuid ssh(1) ?
Hi.
Does anyone use UsePrivilegedPort or have ssh(1) setuid, and if so for
what use case?
ssh(1) has had code in it to support installing setuid root since
approximately forever, however OpenBSD has not shipped it in that
configuration since 2002 (and I suspect these days no vendor does).
As far as I can tell, all of the reasons for this no longer apply:
- setuid root was needed to bind to a
2009 Apr 30
2
ChrootDirectory %h
Hi,
many people are having problems using SFTP with ChrootDirectory when the
jail directory (or the path above) is not owned by root. The question is
if chroot'ing to usual home directories can be allowed, even though they
are owned by regular users.
I know that this topic has been discussed on the list several times now,
so I searched the list archives for posts that invalidate the
2007 Jan 18
1
Replicating a tree with root permissions
We have a large (20Gb, 250000 files) tree which needs to replicate across our WAN on a regular basis. We have been using a wrapper script around rsync to do this; the wrapper script runs setuid-root on a Solaris 8 server. However, we have on-going problems with files whose permissions don't replicate correctly. These file permissions are the REAL problem; if the permissions aren't
2019 May 27
0
imap userdb Fatal setuid errors
> On 24 May 2019 17:11 Steven Smith via dovecot <dovecot at dovecot.org> wrote:
>
>
> I'm trying to configure dovecot lmtp in multi-user mode. My error logs are filled with messages saying that an imap process cannot do a setuid to another user:
>
> > May 21 22:28:46 imap(pid 17441 user myuser): Fatal: setuid(512(myuser) from userdb lookup) failed with
2003 Sep 16
1
OpenSSH 3.7p1, PrivSep, and Tru64 broken (sorry)
Well, I had just finally gotten around to downloading a snapshot to test
the latest on Tru64 a couple of days ago but hadn't had a chance to
build it yet, and 3.7p1 has now been released. Sigh.
The problem is that Tru64 setreuid() and setregid() are broken, so
privsep doesn't work.
This could also be a security problem for SIA authentication in general
(any version of OpenSSH on Tru64,
2006 Nov 16
1
Dovecot LDA, LDAP, Postfix and Spawning programs..
Qmail, when using LDAP, a user can specify delvieryProgramPath, or a .qmail
file, to launch something like procmail. Qmail correctly setuid() to the uids
set for the user in LDAP, as well as set up the common env vars (HOME, USER,
MAILDIR).
We moved to Postfix but found that it is quite lacking in the features supported
when it comes to "virtual" users. No .forward, and if you set
2007 Apr 24
2
chmod sftp command and setgid/setuid bit
Hi OpenSSH developers,
I'm using OpenSSH on a daily basis and I'm very pleased
with the work you've done.
I am contributing to some Open Source software hosted at Savannah
https://savannah.nongnu.org/projects/tsp
and we recently hit some sftp unexpected behavior:
https://savannah.gnu.org/support/?105838
when using chmod sftp client command
it appears that setuid / setgid bits are
2005 Jul 06
1
setuid/setgid bits
version: rsync v2.6.1 (+ a minor, unrelated patch).
I'm rsyncing files (not as root) and am happy (indeed, for what I
want, delighted) that the files at the target side end up owned by the
account doing the rsync.
However, I've found that if I have a setuid/setgid file on the source
side, the target file ends up setuid/setgid too (but under a different
id!). This happens whether
2003 Nov 10
1
Problems with Linux 2.6
I'm running Dovecot under PLD GNU/Linux, on two servers. Under kernel
2.4, it works wonderfully. Under 2.6, I get this in the log:
Nov 9 21:36:38 polis dovecot: Dovecot starting up
Nov 9 21:36:39 polis imap-login: setuid(97) failed: Resource
temporarily unavailable
Nov 9 21:36:39 polis imap-login: setuid(97) failed: Resource
temporarily unavailable
Nov 9 21:36:39 polis pop3-login:
2006 Apr 15
0
Set "setuid" bit on a Solaris server from a Windows client
Dear all,
I'm running Samba version 3.0.4 (this is what comes with Solaris 10) on a Solaris machine. For WORM file system support, a new "Snaplock"-mechanism has been implemented into SAM-FS. This mechanism uses the setting of the "setuid" bit (e. g.: "chmod 4000 <filename>") to trigger a file to become a WORM file (i. e. it cannot be modified / deleted
2005 Jun 21
3
Bug#315071: Results to your question
Hi,
See below:
# getent group adm
adm:x:4:root,adm,daemon
And:
# ls -l /var/log
total 20384
-rw-r----- 1 root adm 43310 Jun 21 16:00 auth.log
-rw-r----- 1 root adm 128247 Jun 19 06:47 auth.log.0
-rw-r----- 1 root adm 10318 Jun 12 06:47 auth.log.1.gz
-rw-r----- 1 root adm 9508 Jun 5 06:47 auth.log.2.gz
-rw-r----- 1 root adm 12475 May 29 06:47 auth.log.3.gz
2002 Mar 12
2
Patch: --drop-suid Remove suid/sgid from target files
The attached patch adds an option --drop-suid which caused rsync to drop
setuid/setgid permissions from the destination files.
ie, even if the source file is setuid, the target file will not be.
Added as we want to rsync the same files to machines both inside and outside
our firewalls. For machines inside the firewall some files should be suid,
for machines outside the firewalls they should
2001 Oct 08
2
Porting OpenSSH 2.9.9p2 to Dynix V4.4.4
Hello Porters,
I am attempting to compile OpenSSH 2.9.9p2 on a Dynix V4.4.4 host.
I have set USE_PIPES and BROKEN_SAVED_UIDS (the latter because there are
no functions for set{eu,eg}id() that I can find). I configured with
"./configure '--with-libs=-lnsl -lsec'".
Each time I attempt to login, I get this error:
No utmp entry. You must exec "login" from
2000 Jul 27
1
rh62 suid files
Hi,
I believe having less root setuid binaries on system is The Way ...
so:
Why does RH6.2 ship with /sbin/dump & /sbin/restore root setuid? These
are for sysadmins, not for regular users I hope.
Is /sbin/unix_chkpwd really used and what is it used for? I haven't found
anything about it in pam documentation.
Is it really necessary to ship /usr/bin/gpasswd and /usr/bin/newgrp? Does
2006 Dec 03
1
Deliver Root Setuid
Hi,
I just configured my Postfix installation to deliver via Dovecot LDA. But
because I use separate uids for virtual domains I had to set deliver to be
setuid root. Although I find this as frequent answer to this problem with
deliver LDA I am not a 100% sure - basically because I try to avoid root
setuids as much as I can.
What should be better solution - to have all mailboxes with one owner or
2017 Feb 13
0
[cifs-utils PATCH] cifs.upcall: switch group IDs when handling an upcall
Currently, we leave the group ID alone, but now that we're looking at
KRB5CCNAME, we need to be a little more careful with credentials. After
we get the uid, do a getpwuid and grab the default gid for the user.
Then use setgid to set it before calling setuid.
Signed-off-by: Jeff Layton <jlayton at samba.org>
---
cifs.upcall.c | 37 +++++++++++++++++++++++++++++++++++++
1 file changed,
2004 Oct 23
1
rssh: pizzacode security alert
PIZZACODE SECURITY ALERT
program: rssh
risk: low[*]
problem: string format vulnerability in log.c
details:
rssh is a restricted shell for use with OpenSSH, allowing only scp
and/or sftp. For example, if you have a server which you only want to
allow users to copy files off of via scp, without providing shell
access, you can use rssh to do that. Additionally, running rsync,
rdist, and cvs are