/etc/init.d/courier-authdaemon creates $RUNDIR with improper permissions
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
courier-authlib (Ubuntu) | New | Undecided | Unassigned |
Bug Description
Binary package hint: courier-authlib
The /etc/init.
Since maildrop is designed to run without authdaemon, this causes usual mail filter rules (for instance, in /etc/maildroprc) to not apply, bypassing possible restrictions configured there. It is unclear whether to see this as a security vulnerability.
Please change the init script to mkdir the relevant directory with mode 0755, and make sure that existing directories are checked and the admin gets warned if it's at 0750.
Arguably this could be seen as a maildrop bug which should exit with EX_TEMPFAIL if it cannot connect to the authdaemon, but see above for the note about standalone use.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: courier-authdaemon 0.62.4-1
ProcVersionSign
Uname: Linux 2.6.32-
Architecture: i386
Date: Wed May 4 14:08:58 2011
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: courier-authlib
Note ubuntu-bug misfiled the binary package (courier-authdaemon, not -authlib).
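
The change requested in the description (create $RUNDIR with mode 0755, and warn the admin when an existing directory has another mode such as 0750), written as a shell function. This is an added example, not the courier-authlib init script; `ensure_rundir` and `dir_mode` are hypothetical names, and `stat -c` assumes GNU coreutils as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example (not the courier-authlib init script): create or audit a
# runtime directory so its mode does not silently depend on the umask.
# ensure_rundir and dir_mode are hypothetical helper names.

# Print the octal permission bits of a path (GNU coreutils stat).
dir_mode() {
    stat -c '%a' "$1"
}

# ensure_rundir DIR
#   returns 0 if DIR was created, or already existed, with mode 0755
#   returns 1 if DIR already existed with another mode (warning on stderr,
#             the directory is left untouched for the admin to review)
#   returns 2 if DIR is not a directory or could not be created
ensure_rundir() {
    dir=$1
    if [ -e "$dir" ] && [ ! -d "$dir" ]; then
        echo "ERROR: $dir exists but is not a directory" >&2
        return 2
    fi
    if [ ! -d "$dir" ]; then
        # -m sets the mode explicitly instead of inheriting it from the umask
        mkdir -m 0755 "$dir" || return 2
        return 0
    fi
    mode=$(dir_mode "$dir")
    if [ "$mode" != "755" ]; then
        echo "WARNING: $dir has mode $mode, expected 755" >&2
        return 1
    fi
    return 0
}
```

In an init script this would be called as `ensure_rundir "$RUNDIR"` before the daemon is started, with a return value of 1 logged rather than treated as fatal.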