Re: 2.8.0 and newly strict checking

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Mon, 4 Mar 2013 20:21:30 -0800 (PST)

On Mon, 4 Mar 2013, Doug Barton wrote:
> The patch that SM supplied gave back the answer that it was the
> permissions on the file itself that 2.8.0 didn't like. After further
> instrumentation of the code I discovered that it was tripping on the
> "group has members other than me" test, in spite of the fact that there
> are no group write permissions on either the directory or the files. So
> I created an opendkim group that has only the opendkim user as a member,
> and the following permissions now work:

The intent is not only to protect key replacement, but also key use. If
the private key can be read, then it can be used by applications that
possibly shouldn't have access to it to generate signed content. So
turning off the group read bit should also solve your problem.

> I tried unraveling where to fix the test to take lack of group write
> permissions into account, but ran out of time. Hopefully this will help
> someone more familiar with the code to find the right answer.

The test is this one:

         if ((s.st_mode & (S_IRGRP|S_IWGRP)) != 0)

If that test passes, then the password and group databases are checked for
any other users with the same gid as the file. If you remove "S_IRGRP|"
from that line, then the group read bit doesn't matter.

-MSK
Received on Tue Mar 05 2013 - 04:22:05 PST