
Re: [sympa-users] newaliases



  • From: Peter Farmer <address@concealed>
  • To: address@concealed
  • Subject: Re: [sympa-users] newaliases
  • Date: Sat, 3 Jun 2006 19:12:41 +0800

Redmond,

This is a common sendmail security issue - I found out the hard way a long
time ago 8-).

The aliases file and its database files (generated by newaliases) must be
owned by root and writable only by root AND they must live in a directory,
every path component of which is owned by and writable only by root.

If database files are not protected this way, attackers can create
private aliases files and then run 'sendmail -oA./aliases -bi' to create a
bogus database that can be copied over (or deleted and replaced) the
original.

Regards,

Peter Farmer

On Saturday 03 June 2006 5:02 am, Redmond Militante wrote:
> Hello-
>
> I received this in regards to an installation of sympa I was configuring
> to work with Postfix. I'm now experiencing the same problem - namely,
> that sympa auto creation of alias fails - on a machine on which I'd like
> to use sendmail as my MTA.
>
> snippet of our sympa.logs
> Jun 2 15:41:32 announce wwsympa[6204]: [robot announce.uchicago.edu] [client 128.135.0.88] [user address@concealed] do_create_list, get action : do_it
> Jun 2 15:41:32 announce wwsympa[6204]: admin::check_topics(computing/apps,announce.uchicago.edu)
> Jun 2 15:41:32 announce wwsympa[6204]: admin::install_aliases : Unable to run newaliases
>
> snippet of /var/log/maillog
> Jun 2 14:48:55 announce sendmail[2811]: NOQUEUE: SYSERR(root): hash map "Alias1": unsafe map file /etc/mail/sympa_aliases.db: Permission denied
> Jun 2 14:48:55 announce sendmail[2811]: NOQUEUE: SYSERR(root): Cannot create database for alias file /etc/mail/sympa_aliases
>
> /etc/mail/sympa_aliases and /etc/mail/sympa_aliases.db were copied from
> another machine. I'd like to replicate these aliases onto the new
> server. I've modified sympa_aliases so that the hostname is the hostname
> of the new machine.
>
> Permissions for /etc/mail are
> drwxr-xr-x 3 sympa sympa 4096 Jun 2 15:49 mail
>
> Permissions for /etc/mail/sympa_aliases* are
> -rw-r--r-- 1 sympa sympa 9243 Jun 2 15:48 sympa_aliases
> -rw-r--r-- 1 sympa smmsp 24576 Jun 2 15:48 sympa_aliases.db
>
> -I have tried various permissions for /etc/mail/sympa_aliases and
> /etc/mail/sympa_aliases.db. I've tried making root:root, sympa:sympa,
> sympa:smmsp, and smmsp:smmsp owner of the sympa_aliases.db file - nothing
> has worked so far, I still receive the same error in maillog.
>
> This server is RHEL 4. I've compiled sympa with
> ./configure --with-bindir=/etc/smrsh
>
> +++ Redmond Militante <address@concealed> [06/04/20 09:15]:
> > +++ Olivier Salaün - CRU <address@concealed> [06/04/20 08:38]:
> > > Sympa automatic aliases creation may fail for one of the following
> > > reasons:
> > > * The /etc/mail/sympa_aliases file (defined by
> > > 'sendmail_aliases' sympa.conf parameter) does not exist. Starting
> > > with Sympa 5.2,
>
> the file exists
>
> > > sympa.pl is able to create the aliases file if it is missing.
> > > * /etc/mail/sympa_aliases is not used by your MTA. If using
> > > sendmail, add it to sendmail.cf
>
> snippet of our sendmail.cf
> # location of alias file
> O AliasFile=/etc/aliases,/etc/mail/sympa_alias
>
> > > * The newaliases command requires special arguments on your
> > > system. You can define the newaliases command and arguments used
> > > during the configure. See
> > >
> > > [1]http://www.sympa.org/doc/html/node4.html#SECTION00430000000000000000
>
> not necessary on our system.
>
> > > * The aliaswrapper program is missing the SetUID bit
>
> %ls -la /home/sympa/bin/aliaswrapper*
> -rwsr-x--- 1 root sympa 6645 Jun 2 14:12 /home/sympa/bin/aliaswrapper
>
> > > * Your /etc/mail/sympa_aliases does not have the appropriate
> > > privileges. It should neither be group-writeable nor
> > > world-writeable
>
> % ls -la /etc/mail/sympa_aliases
> -rw-r--r-- 1 sympa sympa 9243 Jun 2 15:48 /etc/mail/sympa_aliases
>
> > > * Your /etc/mail/sympa_aliases.db does not have the appropriate
> > > privileges. This file is created by running newaliases. User
> > > 'smmsp' should be owner of this map file
>
> see above. I've also tried making smmsp:smmsp owner of this file, same
> error. sympa:smmsp is currently owner of this file.
>
> Any advice appreciated.
>
> > > Redmond Militante wrote:
> > >
> > > Isn't alias_manager.pl supposed to run 'newaliases' via aliaswrapper,
> > > whenever it is run?
> > >
> > >
> > > On our sympa installation, I can run alias_manager.pl from the
> > > command line, and when I create a new list via
> > > wwsympa.fcgi, alias_manager.pl runs and appends new list aliases to
> > > /etc/mail/sympa.aliases - but it looks like it
> > > is not running 'newaliases' after appending to sympa.aliases. I have
> > > to log in as root and run 'newaliases'
> > > manually in order to successfully send mail to my new list, otherwise
> > > I get a mail delivery notification telling
> > > me that the message can't be delivered because the recipient is
> > > unknown - running 'newaliases' fixes this.
> > >
> > >
> > > Do I have to recompile in order to get alias_manager.pl to run
> > > newaliases for me? Or do people usually just
> > > newaliases as a cron job?
> > >
> > > References
> > >
> > > 1.
> > > http://www.sympa.org/doc/html/node4.html#SECTION00430000000000000000
> >
> > --
> > Redmond Militante / NSIT / The University of Chicago
> > PGP Public Key: <http://home.uchicago.edu/~rjm/pubkey.asc>
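The requirement Peter states above (alias file and map owned by root, writable only by root, and every directory on the path likewise) is exactly what sendmail's "unsafe map file" check enforces, and Redmond's listing shows why his setup trips it: /etc/mail and sympa_aliases are owned by sympa, not root. The following POSIX sh function is an added example, not code from the thread or from Sympa, that walks from the alias file up to a top directory and reports every path component that is not owned by the trusted uid or is group- or world-writable. The parameters TRUSTED_UID (default 0) and TOP (default /) are this example's own additions so the check can also be exercised on a scratch tree without root.

```shell
#!/bin/sh
# Added example: audit an alias file the way sendmail's safe-file check does.
# usage: check_alias_path FILE [TRUSTED_UID] [TOP]
#   FILE         alias file or .db map to audit, e.g. /etc/mail/sympa_aliases.db
#   TRUSTED_UID  uid every component must be owned by (default 0 = root)
#   TOP          directory at which the upward walk stops (default /);
#                a scoped top is for testing on a scratch tree only.
# Prints one line per finding; returns 0 only when the whole path is safe.
check_alias_path() {
    file=$1
    trusted=${2:-0}
    top=${3:-/}
    rc=0

    dir=$(dirname "$file")
    if [ ! -d "$dir" ]; then
        echo "MISSING  $dir"
        return 1
    fi
    # Resolve both paths physically so symlinked parents compare equal.
    top=$(cd "$top" && pwd -P) || return 1
    p=$(cd "$dir" && pwd -P)/$(basename "$file")
    case $p in //*) p=${p#/} ;; esac   # "/" + "/name" -> "/name"

    while :; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            rc=1
        else
            # ls -n prints numeric ids; fields: mode links uid gid ... (POSIX)
            set -- $(ls -ldn "$p")
            mode=$1
            uid=$3
            if [ "$uid" != "$trusted" ]; then
                echo "OWNER    $p owned by uid $uid, expected $trusted"
                rc=1
            fi
            # Character 6 of the mode string is the group write bit,
            # character 9 the world write bit.
            case $mode in
                ?????w*) echo "GROUP-W  $p is group-writable ($mode)"; rc=1 ;;
            esac
            case $mode in
                ????????w*) echo "WORLD-W  $p is world-writable ($mode)"; rc=1 ;;
            esac
        fi
        [ "$p" = "$top" ] && break
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Stand-alone use: sh check_alias_path.sh /etc/mail/sympa_aliases.db
if [ "$#" -gt 0 ]; then
    check_alias_path "$@"
fi
```

Run it against both the text file and the .db map; a clean run prints nothing. Note that the sendmail.cf line quoted in the thread names /etc/mail/sympa_alias while the files on disk are /etc/mail/sympa_aliases, which is worth verifying separately, since a map sendmail never opens will not be reported by this check.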
Archive powered by MHonArc 2.6.19+.