[Mailman-Users] Updated view on Sendmail integration
Stephen J. Turnbull
turnbull.stephen.fw at u.tsukuba.ac.jp
Tue Dec 4 20:28:53 EST 2018
Dmitri Maziuk via Mailman-Users writes:
> On Mon, 3 Dec 2018 10:30:53 -0500
> Jim Ziobro <list at ziobro.rochester.ny.us> wrote:
> ...
> > Is the directory “/etc/mailman” group-writable only to support the
> > creation of an aliases file?I would feel more confident if /etc/mailman
> > was only writable by root.
>
> So basically unix user/group access model is wrong because sendmail
> is full of bugs?
Please, Dmitri. All large software applications are full of bugs
(starting with the brain of Homo so-called Sapiens). It's only good
sense to respect POMP[1].
That said, this *is* minimum privilege. Mailman should *not* run as
root. Sendmail should only be accessing /etc/mailman via a link to a
specific file, and Mailman needs to be able to write that. QED. Even
if you use a Postfix-like multiple executable model with a dedicated
suid root binary to write Mailman's alias file, Mailman still
specifies the content. (Yes, you could fiddle the system such that
genaliases only overwrites an existing file, but that is fragile at
best, and still give Mailman's user limited access to /etc/mailman.)
So Dmitri does have a point. If you don't trust Mailman or your
webserver (the two applications that should be running with Mailman
group privileges), you're screwed anyway. I don't see why it matters
whether the evil thing is in /etc/mailman (which only Mailman should
be generically accessing: other applications should only rarely even
read specific files there, such as an alias include file), or
squirreled away elsewhere in Mailman-owned trees or those of the
webserver. Saying a webserver that produces dynamic content and even
reconfigures other applications should live entirely in read-only
storage is a paradox.
Steve
Footnotes:
[1] The Principle of Minimum Privilege.
--
Associate Professor Division of Policy and Planning Science
http://turnbull.sk.tsukuba.ac.jp/ Faculty of Systems and Information
Email: turnbull at sk.tsukuba.ac.jp University of Tsukuba
Tel: 029-853-5175 Tennodai 1-1-1, Tsukuba 305-8573 JAPAN
More information about the Mailman-Users
mailing list