
Bug#3036: automatic adduser/addgroup in postinst (was Re: fingerd)



Ian Jackson:
 > Compiled-in uids need to be the same across all systems
 > (potentially) running the same binary, and have a large chance of
 > clashing with uids allocated locally for other purposes.  Therefore
 > we can only allocate a small range (0-99 and perhaps some high
 > ones) for centrally and statically allocated immutable uids.

The real issue here isn't that compiled-in uids shouldn't be used --
the real issue is whether or not qmail makes good use of them.

 > Does qmail do the uid lookups at runtime, or can it be made to ?
 > If so then that would be better, because then it can use uids which
 > have been allocated by adduser according to whatever policy the
 > local sysadmin sets in the adduser.conf (when adduser is fixed ...)

qmail uses exec() a lot (to manage security partitioning), so runtime
lookup could result in a big performance hit.  Furthermore, making
this runtime configurable would allow new opportunities for
mismanagement without really adding any functionality.  Thus, I think
this solution should be considered as a hack and not a real solution.

Also, note that qmail uses only five distinct user ids, and one
distinct gid (it should need to use a second if the group id "nobody"
is allowed to own any files).

One of the user ids is used for alias support.  One of the user ids is
used for qmail's internal queue management.  One of the user ids is
used for smtpd.  One of the user ids is used for the sending mail
interface (e.g. before the decision is made for sending it locally or
sending it remotely).  The final user id is used for smtp client
activity.

Each handoff point is coded defensively.  Thus, for example, a
security hole in smtpd wouldn't affect the integrity of other mail
messages.

Since sendmail tries to do all these things in the same program, it's
reasonable to expect qmail (as a system) to provide all these
features.  However, these really are separate functional areas, and
their need to manipulate files leads to this need for separate user
ids.

Basically, I think that qmail's use of these ids is justified.  I
think that if these should be made configurable we should put together
a kit to make all non-root system ids configurable.

--
Raul
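
As an added illustration of the handoff design discussed above (not code from the thread or from qmail itself): resolve each service account once at startup, then drop to it in the child before exec() and verify the drop took effect. Function names and the account names are assumptions for the example.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Resolve an account name to its uid/gid once, at startup. A daemon that
   forks and execs many helpers pays the lookup once in the parent rather
   than in every child. Returns 0 on success, -1 if the name is unknown. */
int resolve_account(const char *name, uid_t *uid, gid_t *gid)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL)
        return -1;
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

/* Convenience wrapper: uid of an account, or -1 if it does not exist. */
long uid_of(const char *name)
{
    uid_t uid; gid_t gid;
    return resolve_account(name, &uid, &gid) == 0 ? (long)uid : -1L;
}

/* Check that real and effective ids are exactly the expected ones. */
int ids_match(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/* Drop to the resolved ids in the child before exec(). Order matters:
   supplementary groups and gid first, uid last, then verify the drop
   rather than assuming it succeeded. Requires root; returns -1 on any
   failure so the caller refuses to exec the helper with leftover privilege. */
int drop_to(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    return ids_match(uid, gid) ? 0 : -1;
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "nobody"; /* assumed account */
    uid_t uid; gid_t gid;
    if (resolve_account(name, &uid, &gid) != 0) {
        fprintf(stderr, "unknown account %s\n", name);
        return 1;
    }
    printf("%s -> uid %ld gid %ld\n", name, (long)uid, (long)gid);
    return 0;
}
```

Run it as root with an account name to exercise the drop; unprivileged, drop_to() fails closed and the lookup still works.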

