bosto n00b
Joined: 06 Dec 2005 Posts: 23
Posted: Wed May 03, 2006 11:33 am Post subject: grsec + courierpop3d = trouble?
Hi, I am trying to set up courier-mta as a mail server on my local net, setting up the pop3 daemon first. I configured and tried pop3 access only, and I ran into an odd problem: after a successful login, courierpop3d cannot be started, with permission denied.
strace goes like this:
Code: |
read(0, "user bosto\r\n", 1024) = 12
write(1, "+OK Password required.\r\n", 24) = 24
read(0, "pass mySecretPass\r\n", 1024) = 14
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl64(3, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/lib/courier/authdaemon/socket"}, 110) = 0
fcntl64(3, F_SETFL, O_RDONLY) = 0
select(4, NULL, [3], NULL, {10, 0}) = 1 (out [3], left {10, 0})
write(3, "AUTH 25\npop3\nlogin\nbosto\nmySecretPass"..., 33) = 33
time(NULL) = 1146654982
time(NULL) = 1146654982
select(4, [3], NULL, NULL, {30, 0}) = 1 (in [3], left {30, 0})
read(3, "USERNAME=bosto\nGID=100\nHOME=/hom"..., 8191) = 120
open("/etc/passwd", O_RDONLY) = 5
fcntl64(5, F_GETFD) = 0
fcntl64(5, F_SETFD, FD_CLOEXEC) = 0
_llseek(5, 0, [0], SEEK_CUR) = 0
fstat64(5, {st_dev=makedev(3, 2), st_ino=1077404, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=2435, st_atime=2006/05/03-13:16:22, st_mtime=2006/04/10-17:59:08, st_ctime=2006/04/10-17:59:08}) = 0
mmap2(NULL, 2435, PROT_READ, MAP_SHARED, 5, 0) = 0xa2dbc000
_llseek(5, 2435, [2435], SEEK_SET) = 0
munmap(0xa2dbc000, 2435) = 0
close(5) = 0
setgid32(100) = 0
getuid32() = 1000
setuid32(1000) = 0
chdir("/home/bosto") = 0
alarm(0) = 0
execve("/usr/lib/courier/courier/courierpop3d", ["/usr/lib/courier/courier/courier"..., ".maildir"], ["ADDRESS=0", "sbindir=/usr/sbin", "TLS_PROTOCOL=TLS1", "LOGGEROPTS=-name=pop3d", "bindir=/usr/bin", "POP3DSSLSTART=YES", "POP3AUTH_ORIG=PLAIN LOGIN CRAM-M"..., "PROXY_HOSTNAME=", "POP3AUTH_TLS_ORIG=LOGIN PLAIN", "TLS_CERTFILE=/usr/share/courier/"..., "POP3AUTH=LOGIN CRAM-MD5 CRAM-SHA"..., "SSLLOGGEROPTS=-name=pop3d-ssl", "TLS_VERIFYPEER=NONE", "MAXDAEMONS=40", "TLS_CACHESIZE=524288", "POP3DSTART=YES", "MAXPERIP=4", "TLS_STARTTLS_PROTOCOL=TLS1", "PWD=/usr", "TLS_CACHEFILE=/var/lib/courier/c"..., "POP3AUTH_TLS=LOGIN PLAIN CRAM-MD"..., "PIDFILE=/tmp/pop3d.pid", "SSLPORT=995", "SHLVL=1", "POP3_STARTTLS=YES", "POP3_TLS_REQUIRED=0", "exec_prefix=/usr", "libexecdir=/usr/lib/courier", "prefix=/usr", "TCPDOPTS=-nodnslookup -noidentlo"..., "POP3_PROXY=0", "COURIERTLS=/usr/bin/couriertls", "PORT=110", "SSLADDRESS=0", "SSLPIDFILE=/var/run/courier/pop3"..., "MAILDIRPATH=.maildir", "_=/usr/sbin/courierlogger", "TCPREMOTEIP=::ffff:10.0.0.1", "TCPREMOTEPORT=50738", "TCPLOCALIP=::ffff:10.0.0.1", "TCPLOCALPORT=110", "OPTIONS=", "AUTHENTICATED=bosto"]) = -1 EACCES (Permission denied)
write(2, "ERR: exec(/usr/lib/courier/couri"..., 58) = 58
close(3) = 0
write(2, "INFO: LOGIN FAILED, user=bosto, "..., 53) = 53
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({5, 0}, {5, 0}) = 0
write(1, "-ERR Login failed.\r\n", 20) = 20
read(0, <unfinished ...>
|
dmesg says this:
Code: |
[21060256.084000] grsec: From iii.iii.ppp.ppp: denied untrusted exec of /usr/lib/courier/courier/courierpop3d by /usr/lib/courier/courier/courierpop3login[courierpop3logi:9973] uid/euid:1000/1000 gid/egid:100/100, parent /usr/bin/strace[strace:31620] uid/euid:0/0 gid/egid:0/0
|
I am running Linux brujo 2.6.14-hardened-r5 #1 Thu Feb 23 17:17:47 CET 2006 i686 VIA Nehemiah GNU/Linux, with almost all options of grsec enabled.
courier-mta is:
Code: |
brujo courier # emerge -pv courier
These are the packages that would be merged, in order:
Calculating dependencies... done!
[ebuild R ] mail-mta/courier-0.52.2 USE="crypt fam ipv6 ldap mailwrapper mysql nls pam spell -fax -norewrite -postgres"
|
I checked the file permissions of the files/binaries which are to be read/run by courierpop3login and they seem to be OK. Could anyone give me more clues about what else to check to make this work? I searched the forum and googled around and I didn't find anything useful, so either there's no one doing what I am trying, or I must have done something really dumb for this not to work. I tried the same configuration on another machine, with a gentoo-sources kernel, and there it runs like a charm. Any ideas pls?
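"denied untrusted exec" is the message grsecurity's Trusted Path Execution (TPE) feature logs. As an added example (not part of the original post), the Python below parses such a line and applies the TPE directory rule as the grsecurity option help describes it. `parse_denial`, `tpe_reasons` and the `tpe_all` switch are names chosen here, and which TPE mode the poster's kernel uses is an assumption the post does not settle.

```python
import os
import re

# Constructed sample: the denial from the post's dmesg output, timestamp dropped.
SAMPLE = ("grsec: From iii.iii.ppp.ppp: denied untrusted exec of "
          "/usr/lib/courier/courier/courierpop3d by "
          "/usr/lib/courier/courier/courierpop3login[courierpop3logi:9973] "
          "uid/euid:1000/1000 gid/egid:100/100, parent /usr/bin/strace[strace:31620] "
          "uid/euid:0/0 gid/egid:0/0")

DENIAL = re.compile(
    r"grsec: (?:From (?P<src>\S+): )?denied untrusted exec of (?P<target>\S+) "
    r"by (?P<caller>\S+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+) gid/egid:(?P<gid>\d+)/(?P<egid>\d+)")

def parse_denial(line):
    """Return the fields of a 'denied untrusted exec' line, or None."""
    m = DENIAL.search(line)
    if m is None:
        return None
    d = m.groupdict()
    for key in ("pid", "uid", "euid", "gid", "egid"):
        d[key] = int(d[key])
    # TPE judges the directory that holds the binary, not the binary itself.
    d["directory"] = d["target"].rsplit("/", 1)[0] or "/"
    return d

def tpe_reasons(dir_uid, dir_mode, caller_uid, tpe_all=True):
    """Why TPE distrusts a directory for a caller it covers ([] = trusted).
    tpe_all=True: all non-root users are covered and may also use their own
    directories; False: caller is assumed to be in the untrusted group."""
    if caller_uid == 0:
        return []
    reasons = []
    if dir_uid != 0 and not (tpe_all and dir_uid == caller_uid):
        reasons.append(f"owned by uid {dir_uid}")
    if dir_mode & 0o020:
        reasons.append("group-writable")
    if dir_mode & 0o002:
        reasons.append("world-writable")
    return reasons

if __name__ == "__main__":
    hit = parse_denial(SAMPLE)
    print(hit["caller"], "->", hit["target"], "as uid", hit["uid"])
    try:
        st = os.stat(hit["directory"])
        print(hit["directory"], tpe_reasons(st.st_uid, st.st_mode, hit["uid"]) or "trusted")
    except OSError as exc:
        print("cannot stat", hit["directory"], exc)
```

Run on the affected host, it reports the owner and write bits of the directory holding the denied binary, which is what TPE evaluates rather than the binary's own mode.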