lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 17 Mar 2008 14:35:59 +0100
From:	Tilman Schmidt <tilman@...p.cc>
To:	Benjamin Thery <ben.thery@...il.com>
CC:	Daniel Lezcano <dlezcano@...ibm.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
	David Miller <davem@...emloft.net>, pekkas@...core.fi,
	yoshfuji@...ux-ipv6.org
Subject: Re: [2.6.25-rc5-mm1] regression: cannot run Postfix sendmail command
 as non-root

Benjamin Thery schrieb:
> While googling for the error string, I found this link which report
> the same kind of
> error when Postfix is used with grsecurity (in 2006):
> 
> http://blog.jensthebrain.de/archives/2006/12/11/IPv6-Probleme-mit-Postfix-und-grsecurity
> 
> I barely understand German so I'm not sure it is related to your problem.

The userspace failure described there is indeed the same as mine:
Postfix' sendmail command tries to open "/proc/net/if_inet6"
which fails with EACCES.

But I have never installed grsecurity on this machine, and the
problem appeared for me only with kernel 2.6.25-rc5-mm1, not when
running kernel 2.6.25-rc5 on the same machine, so I guess the
cause must be something different.

What's also strange is that I can "cat /proc/net/if_inet6" from
the command line as the same non-root user with no problem at all.
strace of "cat /proc/net/if_inet6" has:

open("/proc/net/if_inet6", O_RDONLY|O_LARGEFILE) = 3

strace of "/usr/sbin/sendmail", however:

open("/proc/net/if_inet6", O_RDONLY) = -1 EACCES (Permission denied)

Both run as

ts@...on:~> id
uid=1000(ts) gid=100(users) groups=0(root),14(uucp),16(dialout),33(video),100(users),112(bacula)

HTH
T.

-- 
Tilman Schmidt                    E-Mail: tilman@...p.cc
Bonn, Germany
Diese Nachricht besteht zu 100% aus wiederverwerteten Bits.
Ungeöffnet mindestens haltbar bis: (siehe Rückseite)


Download attachment "signature.asc" of type "application/pgp-signature" (251 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ