self follow up ... carlos puchol <cpg@xxxxxxxxxxxxxxxxxxxxx> wrote: > [22:27:55](3)rome:cpg# ll -L /usr/sbin/sendmail* > -rwxr-sr-x 1 root smmsp 748296 Sep 1 03:20 /usr/sbin/sendmail > -rwsr-xr-x 1 root root 2089729 Sep 13 09:20 /usr/sbin/sendmail.exim > -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail.postfix > -rwxr-sr-x 1 root smmsp 748296 Sep 1 03:20 /usr/sbin/sendmail.sendmail > [22:28:01](3)rome:cpg# > > i can't. so -- i am baffled as to how the user/group and > the setuid was changed. i am 100% certain i did not change the > permissions or user/group by hand. after rebooting a couple of times i got the clientmqueue error again today and mail got dropped! admittedly i didn't notice before because i did not try sending email from the machine subject to this bug. the permissions to /usr/sbin/sendmail.sendmail have gone _again_ to a user (my user - cpg)!!! [15:02:38](1)rome:cpg# ll -L /usr/sbin/sendmail* -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail -rwsr-xr-x 1 root root 2089729 Sep 13 09:20 /usr/sbin/sendmail.exim -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail.postfix -rwxr-xr-x 1 cpg users 748296 Sep 1 03:20 /usr/sbin/sendmail.sendmail [15:02:40](1)rome:cpg# i don't know how this can happen. this seems quite dangerous! thankfully the setuid is no longer there, but this seems awfully "close" to a security issue - some process is (incorrectly) changing permissions of sensitive system files. more later when i have a chance to debug this ... -c