576190 – mail-filter/dcc-1.3.140-1: Everything as root (security problem)

Bug 576190 - mail-filter/dcc-1.3.140-1: Everything as root (security problem)

Summary: mail-filter/dcc-1.3.140-1: Everything as root (security problem)

Status:	UNCONFIRMED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Robin Johnson

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2016-03-02 04:01 UTC by Walter
Modified:	2016-10-01 14:52 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Walter 2016-03-02 04:01:15 UTC

The package installs to run all daemons as root.

This is unnecessary and undesirable from a security standpoint.

Given that the only other bug currently out there for the package states an earlier version likely has an overflow, this is doubly the case.

The ebuild should be modified to add a dcc user and group, which should own /var/dcc and have read-only access to root-owned /etc/dcc

Permissions should be tested in milter and non-milter configurations.

Comment 1 Vladimir Datsevich 2016-10-01 14:52:58 UTC

Any news on this?