/etc/init.d/courier-authdaemon creates $RUNDIR with improper permissions

Bug #777060 reported by Matthias Andree
This bug affects 1 person
Affects: courier-authlib (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: courier-authlib

The /etc/init.d/courier-authdaemon creates $RUNDIR with improper permissions, namely, 0750, rather than world-readable. The problem is that if Postfix is configured to execute maildrop from mailbox_command (as suggested in the Postfix HOWTOs), there is a *silent* *unlogged* failure of maildrop to connect to the authdaemon.

Since maildrop is designed to run without authdaemon, this causes usual mail filter rules (for instance, in /etc/maildroprc) to not apply, bypassing possible restrictions configured there. It is unclear whether to see this as a security vulnerability.

Please change the init script to mkdir the relevant directory with mode 0755, and make sure that existing directories are checked and the admin gets warned if it's at 0750.

Arguably this could be seen as a maildrop bug which should exit with EX_TEMPFAIL if it cannot connect to the authdaemon, but see above for the note about standalone use.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: courier-authdaemon 0.62.4-1
ProcVersionSignature: Ubuntu 2.6.32-31.61-generic-pae 2.6.32.32+drm33.14
Uname: Linux 2.6.32-31-generic-pae i686
Architecture: i386
Date: Wed May 4 14:08:58 2011
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: courier-authlib
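
The change requested in the description, sketched as an added example (not the packaged init script and not the reporter's code): create the directory with mode 0755, and warn without modifying anything when an existing directory denies read/search access to other users. The function names are hypothetical, and GNU stat (as shipped on Ubuntu) is assumed.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not from the package.

# Print the octal permission bits of a path (GNU stat assumed).
rundir_mode() {
    stat -c '%a' "$1"
}

# Return 0 if "other" has read and search (r-x) on the directory.
# A delivery agent running as an unrelated user needs the search bit
# to reach a socket inside the directory.
rundir_world_accessible() {
    mode=$(rundir_mode "$1") || return 2
    other=${mode#"${mode%?}"}        # last octal digit = "other" bits
    case $other in
        5|7) return 0 ;;
        *)   return 1 ;;
    esac
}

# Create the directory with 0755 if missing; if it already exists with a
# restrictive mode (e.g. 0750), warn the admin and return 1.
ensure_rundir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        # -m sets the final mode explicitly instead of relying on umask
        mkdir -m 0755 "$dir" || return 2
        return 0
    fi
    if rundir_world_accessible "$dir"; then
        return 0
    fi
    echo "WARNING: $dir has mode $(rundir_mode "$dir");" \
         "clients running as other users cannot reach the authdaemon" \
         "socket (expected 0755)" >&2
    return 1
}

# Intended call site in an init script (assumption): ensure_rundir "$RUNDIR"
```

The warning path deliberately leaves the existing mode untouched, so an admin who chose 0750 on purpose is told about the consequence rather than silently overridden.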

Matthias Andree (matthias-andree) wrote:

Note ubuntu-bug misfiled the binary package (courier-authdaemon, not -authlib).
