
Mailing List Archive: Gentoo: Hardened

PAX + Qmail problem

 

 



kakou at kakou

May 23, 2005, 1:38 AM

PAX + Qmail problem


Hello,

I have this error when I try to authenticate (when I send a mail) :

grsec: From 10.0.0.10: denied untrusted exec of
/var/vpopmail/bin/vchkpw by
/var/qmail/bin/qmail-smtpd[qmail-smtpd:17267] uid/euid:201/201
gid/egid:200/200, parent /var/qmail/bin/qmail-smtpd[qmail-smtpd:18606]
uid/euid:201/201 gid/egid:200/200

How do I authorize /var/qmail/bin/qmail-smtpd to execute
/var/vpopmail/bin/vchkpw?

server ~ # ls -lh /var/vpopmail/bin/vchkpw
-rws--x--x 1 root vpopmail 104K May 23 10:30 /var/vpopmail/bin/vchkpw
server ~ # ls -lh /var/qmail/bin/qmail-smtpd
-rwxr-xr-x 1 root qmail 58K May 23 10:30 /var/qmail/bin/qmail-smtpd


Thanks all

--
gentoo-hardened [at] gentoo mailing list


kaiowas at gentoo

May 23, 2005, 1:51 AM

Re: PAX + Qmail problem

Hi

kakou wrote:
> Hello,
>
> I have this error when I try to authenticate (when I send a mail) :
>
> grsec: From 10.0.0.10: denied untrusted exec of
> /var/vpopmail/bin/vchkpw by
> /var/qmail/bin/qmail-smtpd[qmail-smtpd:17267] uid/euid:201/201
> gid/egid:200/200, parent /var/qmail/bin/qmail-smtpd[qmail-smtpd:18606]
> uid/euid:201/201 gid/egid:200/200
>
> How do I authorize /var/qmail/bin/qmail-smtpd to execute
> /var/vpopmail/bin/vchkpw?

Read the TPE-related config comments from the kernel sources:

____
CONFIG_GRKERNSEC_TPE_ALL:

If you say Y here, All non-root users other than the ones in the group specified in the main TPE option will only be allowed to execute files in directories they own that are not group or world-writable, or in directories owned by root and writable only by root. If the sysctl option is enabled, a sysctl option with name "tpe_restrict_all" is created
____


bye,
peter

--
petre rodan
<kaiowas [at] gentoo>
Developer,
Hardened Gentoo Linux
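
The rule quoted in the reply above, written out as a check on the directory that holds a binary. This is an added example, not part of the original thread and not grsecurity's code: the function names are hypothetical, the sample uids and modes are constructed (only uid 201 comes from the log line), and the exemption for the group named in the main TPE option is assumed not to apply.

```python
import os
import stat


def tpe_all_allows(dir_uid, dir_mode, user_uid):
    """Apply the TPE_ALL rule as worded in the quoted help text.

    Assumes the user is not in the exempt group of the main TPE option.
    Returns (allowed, reason).
    """
    if user_uid == 0:
        return True, "root is not restricted"
    if dir_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False, "directory is group- or world-writable"
    if dir_uid == 0:
        return True, "directory is owned by root and writable only by root"
    if dir_uid == user_uid:
        return True, "directory is owned by the user, not group/world-writable"
    return False, "directory is owned by another non-root user"


def check_exec(path, user_uid):
    """Evaluate the rule for the directory that contains `path`."""
    st = os.stat(os.path.dirname(os.path.abspath(path)))
    return tpe_all_allows(st.st_uid, st.st_mode, user_uid)


if __name__ == "__main__":
    # Constructed cases: (directory owner uid, directory mode, executing uid).
    # uid 201 is the uid in the log line; every other value is made up.
    cases = [
        (0, 0o755, 201),
        (89, 0o755, 201),
        (201, 0o775, 201),
        (201, 0o755, 201),
    ]
    for dir_uid, mode, uid in cases:
        ok, why = tpe_all_allows(dir_uid, mode, uid)
        verdict = "allow" if ok else "deny"
        print(f"dir uid={dir_uid} mode={mode:o} user={uid}: {verdict} ({why})")
```

On the affected host, `check_exec("/var/vpopmail/bin/vchkpw", 201)` shows which clause of the rule the containing directory meets or fails.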