Re: "setuid(UID)" and "chmod 4550" misbehaving

To: Kevin Mark <kevin.mark@verizon.net>, debian-user@lists.debian.org
Subject: Re: "setuid(UID)" and "chmod 4550" misbehaving
From: "Roberto C. Sanchez" <roberto@connexer.com>
Date: Sat, 21 Oct 2006 00:26:40 -0400
Message-id: <[🔎] 20061021042640.GK28695@santiago.connexer.com>
Mail-followup-to: "Roberto C. Sanchez" <roberto@connexer.com>, Kevin Mark <kevin.mark@verizon.net>, debian-user@lists.debian.org
In-reply-to: <[🔎] 20061021042247.GA9503@localhost>
References: <[🔎] 9b9224910610201125p4a83942aq4b016596a7bc3f53@mail.gmail.com> <[🔎] 20061021033812.GA6385@localhost> <[🔎] 20061021035103.GJ28695@santiago.connexer.com> <[🔎] 20061021042247.GA9503@localhost>

On Sat, Oct 21, 2006 at 12:22:47AM -0400, Kevin Mark wrote:
> On Fri, Oct 20, 2006 at 11:51:03PM -0400, Roberto C. Sanchez wrote:
> <snip>
> > Hmm.  I am part of the cyrus-sasl maintenance team and we are
> > desperately trying to get away from the current packages since they have
> > essentially been unmaintained for over two years.  We just uploaded the
> 
> But would I be correct in saying that they are going into Etch?
> 
> > new 2.1.22 packages to experimental about 24 hours ago.  Anyhow, on my
> 
> And would I be correct in saying that these are not going to be in Etch?
> 
Hopefully the new version will go into Etch.  Once we pass NEW
processing, then we need the openldap maintainers to upload into
experimental to build against the new cyrus-sasl and then we can
re-upload to experimental to rebuild against the new openldap.  Once
that is done, we can upload to Sid.  Assuming this happens relatively
quickly, we may make into Etch.

> > system, /etc/sasldb2 has mode 660 and ownership root:sasl.  Though, I
> > don't use cyrus for mail anymore since having switched to courier.
> 
> So YOUR version, not his appears to be working. Would it make
> sense/possible to 'backport' it, if the older version is bound for etch?
> 
The version I am using on that particular machine is the version from
Sarge.  Though, I don't recall if that sasldb2 was created with the
Sarge or the Woody version before I upgraded.

If the new version does not make it into Etch, though, we will certainly
backport.

> > 
> > Anyhow, I seem to recall that cyrus was in group sasl or you had to add
> > to it manually since it was a security risk.
> > 
> > Out of curiousity, what/who is user wwwrun and where did it come from?
> > 
> 
> I have never seen 'wwwrun' but then I dont use cyrus.
> 
> My message was just ment to get a bug reported, if that would help
> improve the old version.
> 

Even when I had cyrus installed, I don't recall seeing wwwrun.  I think
that part of the problem may be that squirrelmail, by virtue of being
web based, runs as the webserver user (usually www-data on Debian
systems).

I'm not sure what else to tell you.

Regards,

-Roberto

-- 
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Re: "setuid(UID)" and "chmod 4550" misbehaving
  - From: "Eugenio Jordán González" <eugenio.jordangonzalez@gmail.com>
- Re: "setuid(UID)" and "chmod 4550" misbehaving
  - From: Kevin Mark <kevin.mark@verizon.net>
- Re: "setuid(UID)" and "chmod 4550" misbehaving
  - From: "Roberto C. Sanchez" <roberto@connexer.com>
- Re: "setuid(UID)" and "chmod 4550" misbehaving
  - From: Kevin Mark <kevin.mark@verizon.net>

Prev by Date: Re: "setuid(UID)" and "chmod 4550" misbehaving
Next by Date: Re: Re: Hal error when starting dbus
Previous by thread: Re: "setuid(UID)" and "chmod 4550" misbehaving
Next by thread: G965 Chipset & ICH8 Southbridge Support
Index(es):
- Date
- Thread