1:07 a.m.
Anybody have any good ideas on what should happen for auditing and loginuid
when Sendmail invokes procmail as a delivery agent, and we're running
essentially arbitrary code as the user from their .procmailrc? My gut
feeling is that this *should* act just like a cron job for auditing
purposes, but the sendmail/procmail interface isn't in the least PAM-ified,
so we can't just toss in a 'session required pam_audit.so'...
10:13 a.m.
--- Valdis.Kletnieks(a)vt.edu wrote:
Anybody have any good ideas on what should happen
for auditing and loginuid
when Sendmail invokes procmail as a delivery agent,
and we're running
essentially arbitrary code as the user from their
.procmailrc? My gut
feeling is that this *should* act just like a cron
job for auditing
purposes, but the sendmail/procmail interface isn't
in the least PAM-ified,
so we can't just toss in a 'session required
pam_audit.so'...
Since the user can define what goes into the
.procmailrc and since whatever is specified runs
as the user the audit should identify the user
and be treated as a user session. In the days
before delivery agents we still had to deal with
"vacation", and audit that appropriately.
=====
Casey Schaufler
casey(a)schaufler-ca.com
__________________________________
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail
3:18 p.m.
On Wed, Feb 23, 2005 at 02:07:33AM -0500, Valdis.Kletnieks(a)vt.edu wrote:
Anybody have any good ideas on what should happen for auditing and
loginuid
when Sendmail invokes procmail as a delivery agent, and we're running
essentially arbitrary code as the user from their .procmailrc? My gut
feeling is that this *should* act just like a cron job for auditing
purposes, but the sendmail/procmail interface isn't in the least PAM-ified,
so we can't just toss in a 'session required pam_audit.so'...
Yes, this is ugly. If the audit context can't be set appropriately this
functionality needs to be disabled for the CC evaluated configuration,
for example by setting "allow_mail_to_commands" in the case of postfix
(see the local(1) man page).
Does anyone plan to add this functionality to the MTA?
-Klaus
3:52 p.m.
> Anybody have any good ideas on what should happen for auditing
and loginuid
> when Sendmail invokes procmail as a delivery agent, and we're running
> essentially arbitrary code as the user from their .procmailrc? My gut
> feeling is that this *should* act just like a cron job for auditing
> purposes, but the sendmail/procmail interface isn't in the least PAM-ified,
> so we can't just toss in a 'session required pam_audit.so'...
Yes, this is ugly. If the audit context can't be set appropriately this
functionality needs to be disabled for the CC evaluated configuration,
for example by setting "allow_mail_to_commands" in the case of postfix
(see the local(1) man page).
Does anyone plan to add this functionality to the MTA?
Probably shouldn't be the MTA, but the MDA (procmail).
There is a great deal of disagreement between many people (including me)
and Vietse, who thinks that the MTA shall setuid(), thereby making
decisions that may easily be out of its scope.
Looks like both procmail and postfix need to be pam'ified.
R.
7242
days inactive
7242
days old
linux-audit@lists.linux-audit.osci.io
3 comments
4 participants
participants (4)
-
Casey Schaufler -
Klaus Weidner -
Roman Drahtmueller -
Valdis.Kletnieks@vt.edu