dccproc-1.0.53 inserting "p=/home/username/.dcc/whiteclnt.dccw ..."

Chris Shenton chris@Shenton.Org
Wed Apr 17 02:54:04 UTC 2002


Vernon Schryver <vjs@calcite.rhyolite.com> writes:

> It occurred to me that with a setUID=0 dccproc, you could play games
> like `dccproc -h /etc -w passwd` or `dccproc -w /etc/shadow`

I figured you were protecting against something like that but didn't
have time to really understand the code.

Maybe it should only look in the user ~/.dcc/whiteclnt and if missing
look in the system one? That way no paths are necessary and can't be
subverted. Just a thought.

(Hmmm, 'course some twit could do a "ln -s /etc/passwd ~/.dcc/whiteclnt")-:


> What's the name of the dcc user, root? 

Yeah, my bad: from /var/dcc/dcc_conf:

DCCUID=root

I need to change that.  Kinda why I'm working on a port, so FreeBSD
folks can just do a "cd /usr/ports/mail/dcc-dccproc && make install clean"
and all this would be done for them -- accounts, config edits, the
couple commands an anon client needs to setup, like "cdcc new map" and
"cdcc add <servername>". They still gotta integrate with their MTA
and/or MUA but that's too variable to script an install. 

> What is the compiled-in DCC home directory?

The default, /var/dcc.  The port I'm doing tries to conform to
FreeBSD's conventions: almost everything goes in /usr/local, so I
could put it in /usr/local/dcc/...  But that's another topic.

> How is the whitelist file specified, with -w /home/chris/.dcc/whiteclnt ?
> If it couldn't open it later, it shouldn't have been able to create it
> I just tried what I understand to be the bad case, and the created
> whiteclnt.dccw is owned by the real instead of the setUID UID of dccproc.

That -w line is what I used, an absolute path.  I can try it again
tomorrow and see if dccproc creates a root-owned whiteclnt.dccw.


> ]   chris@thanatos(276> cat /tmp/email2 |dccproc -Q -w whiteclnt
> 
> Why is `cat` used?  If it's not because that's a better simulation of
> the operational environment, there is `dccproc -i /tmp/mail2`

You're right, I shouldda used "-i".  Seems like the same effect, and
same "p=" artifact.


> Did you copy to whiteclnt or whitelcnt.dccw ?

Just the "whiteclnt", then dccproc created "whiteclnt.dccw", which it
complained about the size of.



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.