Carlos Puchol wrote:
> self follow up ...
>
> carlos puchol <cpg@xxxxxxxxxxxxxxxxxxxxx> wrote:
> > [22:27:55](3)rome:cpg# ll -L /usr/sbin/sendmail*
> > -rwxr-sr-x 1 root smmsp 748296 Sep 1 03:20 /usr/sbin/sendmail
> > -rwsr-xr-x 1 root root 2089729 Sep 13 09:20 /usr/sbin/sendmail.exim
> > -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail.postfix
> > -rwxr-sr-x 1 root smmsp 748296 Sep 1 03:20 /usr/sbin/sendmail.sendmail
> > [22:28:01](3)rome:cpg#
> > i can't. so -- i am baffled as to how the user/group and
> > the setuid was changed. i am 100% certain i did not change the
> > permissions or user/group by hand.
>
> after rebooting a couple of times
> i got the clientmqueue error again today and mail got dropped!
> admittedly i didn't notice before because i did not try
> sending email from the machine subject to this bug.
> the permissions to /usr/sbin/sendmail.sendmail have
> gone _again_ to a user (my user - cpg)!!!
> [15:02:38](1)rome:cpg# ll -L /usr/sbin/sendmail*
> -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail
> -rwsr-xr-x 1 root root 2089729 Sep 13 09:20 /usr/sbin/sendmail.exim
> -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail.postfix
> -rwxr-xr-x 1 cpg users 748296 Sep 1 03:20 /usr/sbin/sendmail.sendmail
> [15:02:40](1)rome:cpg#

First of all: Why is /usr/sbin/sendmail a copy and not a soft-link?
alternatives generates soft-links. Have you made this change by hand?
And at the moment you are using a copy of postfix and not sendmail.

> i don't know how this can happen. this seems quite dangerous!
> thankfully the setuid is no longer there, but this seems awfully
> "close" to a security issue - some process is (incorrectly) changing
> permissions of sensitive system files.
> more later when i have a chance to debug this ...

This is really strange. I have not seen this before.

> -c
--
Thomas Woerner
Software Engineer Phone: +49-711-96437-310
Red Hat GmbH Fax : +49-711-96437-111
Hauptstaetterstr. 58 Email: Thomas Woerner <twoerner@xxxxxxxxxx>
D-70178 Stuttgart Web : http://www.redhat.de/
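
A check for the two conditions discussed in this thread (the unsuffixed `sendmail` entry being a regular file rather than a symlink, and an MTA binary owned by an unexpected user), as an added example that is not part of either message. The function name `audit_mta` and its arguments are hypothetical, GNU `stat` and `readlink` are assumed, and link status is tested without dereferencing because `ls -L` follows symlinks.

```shell
#!/bin/sh
# Added example, not from the thread. GNU stat and readlink assumed.
# audit_mta [DIR] [EXPECTED_UID] prints one line per sendmail* entry and
# returns 1 if anything looks off. The name and arguments are hypothetical.
audit_mta() {
    dir=${1:-/usr/sbin}
    want_uid=${2:-0}
    rc=0
    for f in "$dir"/sendmail*; do
        # Skip the unexpanded pattern when nothing matches
        if [ ! -e "$f" ] && [ ! -L "$f" ]; then continue; fi
        name=${f##*/}
        if [ -L "$f" ]; then
            # Tested on the entry itself, so a symlink is reported as one
            printf '%s LINK -> %s\n' "$name" "$(readlink "$f")"
            continue
        fi
        flags=""
        # alternatives manages the unsuffixed name as a symlink
        if [ "$name" = sendmail ]; then flags="$flags NOT_A_SYMLINK"; fi
        if [ "$(stat -c %u "$f")" != "$want_uid" ]; then
            flags="$flags OWNER_DRIFT"
            # A set-id bit on a file with an unexpected owner is the bad case
            case $(stat -c %A "$f") in
                *[sS]*) flags="$flags SETID_WITH_WRONG_OWNER" ;;
            esac
        fi
        if [ -n "$flags" ]; then rc=1; fi
        printf '%s FILE %s %s%s\n' "$name" "$(stat -c %a "$f")" \
            "$(stat -c %U:%G "$f")" "$flags"
    done
    return "$rc"
}
```

Run as `audit_mta /usr/sbin 0` from cron or after package updates; a non-zero exit status marks the moment the drift appeared, which narrows down which process caused it.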