Re: 2.8.0 and newly strict checking

From: Doug Barton <dougb_at_dougbarton.us>
Date: Mon, 04 Mar 2013 22:41:29 -0800

On 03/04/2013 08:21 PM, Murray S. Kucherawy wrote:
> On Mon, 4 Mar 2013, Doug Barton wrote:
>> The patch that SM supplied gave back the answer that it was the
>> permissions on the file itself that 2.8.0 didn't like. After further
>> instrumentation of the code I discovered that it was tripping on the
>> "group has members other than me" test, in spite of the fact that
>> there are no group write permissions on either the directory or the
>> files. So I created an opendkim group that has only the opendkim user
>> as a member, and the following permissions now work:
>
> The intent is not only to protect key replacement, but also key use. If
> the private key can be read, then it can be used by applications that
> possibly shouldn't have access to it to generate signed content. So
> turning off the group read bit should also solve your problem.
>
>> I tried unraveling where to fix the test to take lack of group write
>> permissions into account, but ran out of time. Hopefully this will
>> help someone more familiar with the code to find the right answer.
>
> The test is this one:
>
> if ((s.st_mode & (S_IRGRP|S_IWGRP)) != 0)
>
> If that test passes, then the password and group databases are checked
> for any other users with the same gid as the file. If you remove
> "S_IRGRP|" from that line, then the group read bit doesn't matter.

Right, but if you look back at my OP you'd see that there are no group
permissions at all, for the /var/db/opendkim directory or the files in
it. I saw the tests, and I figured out _where_ it failed, what I don't
understand is why.

Like I said in my post earlier today, I suspect that the solution here
is to skip the tests related to groups if there are no group
permissions. But my time to review the code was limited.

Doug
Received on Tue Mar 05 2013 - 06:41:37 PST