2011-08-14



John Lightsey informed me  of  a  possible  security  problem  in
masqmail.   He  had  done  a check on correct seteuid(2) usage in
suid binaries in Debian.  He wrote:

     In src/log.c there are two logging functions  that  use
     this logic:

          uid_t saved_uid;
          saved_uid = seteuid(conf.mail_uid);

          ...write to a log file...

          seteuid(saved_uid);

     The first seteuid() call here isn't returning the  pre-
     vious  EUID,  it's  returning  0  on  success and -1 on
     failure.  The  net  result  should  be  that  any  time
     masqmail  writes to the log, it's resetting the EUID to
     root.  This would undo the  effect  of  other  code  in
     masqmail that drops root privileges.

As seteuid(2) is a system call, one should have known  what  kind
of return value is to be expected.

Problems like this one should be fixed ASAP. Unfortunately,  real
life keeps me busy these days. I hope I get it done soon. The fix
itself isn't the big thing, but testing it and getting a new ver-
sion out.  One needs time, quietness, and concentration for that.
Exactly that am I missing currently.


John's actions followed the idea of Resposible Disclosure,  while
I  immediately  did a Full Disclosure. I am not sure which one is
the better strategy.



http://marmaro.de/lue/        markus schnalke <meillo@marmaro.de>