
Re: sendmail issues (was: Re: cron has gone to UTC time?)



Torsten Hilbrich wrote:
> I recently had a similar problem[1] when updating some packages.  One
> of them was sendmail, in the window between unpacking the sendmail
> package and configuring it the suid bit was missing.  Unfortunately,
> my UUCP system thought it would like to send some mails using rmail
> and, I don't know why, the error handling of uuxqt (checking the error
> code of rmail) was not working correctly ...
> 
> I lost about 300 mails from some mailing list,

Ugh. This is truly bad. I had a similar, though much less serious problem
when I upgraded ping and it lost its suid bit.

The cause of the problem is that we decided a few months back that if a
program is registered with suidregister, it's a good idea to _not_ ship it
suid in the .deb file. Instead, suidmanager makes it suid in the postinst. 

The rationale was that if you don't want the program to be suid and you
configure suidmanager so it will not be, and it's suid in the .deb, it will
be suid for a short window until suidmanager gets around to removing the
suid bit.

This seemed like a good idea at the time, but these problems with vital suid
programs losing their suid-ness during upgrade are making me reconsider
this. But I don't see a good solution. It seems we must have a window one
way or the other, where the program has the permissions the admin doesn't
want. We have the potential for random bits of the system breaking for a
short time on one hand, and potential security holes on the other.

-- 
see shy jo
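
An added example, not part of the original message and not suidmanager code: a small audit that reports both windows discussed in this thread, a program that should be suid but is not (breakage) and a program that is suid against the admin's policy (exposure). The manifest format and the names `audit_suid` and `demo` are assumptions made up for this example; the demo files are constructed stand-ins in a scratch directory.

```shell
#!/bin/sh
# Added example: audit setuid bits against the administrator's policy.
# Manifest format (constructed for this example, NOT suidmanager's own):
#   <path> <suid|nosuid>
# Prints one line per mismatch and returns the number of mismatches.
audit_suid() {
    manifest=$1
    bad=0
    while read -r path want; do
        case $path in ''|'#'*) continue ;; esac   # skip blanks and comments
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            bad=$((bad + 1))
        elif [ "$want" = suid ] && [ ! -u "$path" ]; then
            # Window from the thread: unpacked without suid, postinst not run yet.
            echo "BROKEN   $path (suid expected, bit not set)"
            bad=$((bad + 1))
        elif [ "$want" = nosuid ] && [ -u "$path" ]; then
            # Opposite window: shipped suid, admin's policy not applied yet.
            echo "EXPOSED  $path (suid set against policy)"
            bad=$((bad + 1))
        fi
    done < "$manifest"
    return "$bad"
}

# Constructed demo: two stand-in files, checked before and after the
# policy is applied to them.
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/mailer"; chmod 0755 "$dir/mailer"   # should be suid, is not
    : > "$dir/pinger"; chmod 4755 "$dir/pinger"   # should not be suid, is
    printf '%s suid\n%s nosuid\n' "$dir/mailer" "$dir/pinger" > "$dir/policy"
    before=0; audit_suid "$dir/policy" || before=$?
    chmod 4755 "$dir/mailer"; chmod 0755 "$dir/pinger"   # policy applied
    after=0; audit_suid "$dir/policy" || after=$?
    rm -rf "$dir"
    echo "mismatches before: $before, after: $after"
}

demo
```

Run between the unpack and configure steps of an upgrade, a check like this shows which of the two windows a given package is currently in.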
