Yahoo Groups archive

Milter-greylist

World writable directory

2005-10-07 by Brian Tobin

Hey all,

Having some trouble getting the milter to work...

Getting a "Xgreylist: local socket name
/var/milter-greylist/milter-greylist.sock unsafe: World writable
directory" error when trying to start sendmail.

My permissions for the directory are:
[root@LINUX var]# ls -lda milter-greylist
drwxr-x---  2 root wheel 4096 Oct  7 10:55 milter-greylist

My permissions for the .sock file are:
[root@LINUX milter-greylist]# ls -l
total 0
srwxr-x---  1 root wheel 0 Oct  7 10:55 milter-greylist.sock


Any help would be greatly appreciated.

Re: [milter-greylist] World writable directory

2005-10-07 by Matthias Scheler

On Fri, Oct 07, 2005 at 05:06:36PM -0000, Brian Tobin wrote:
> My permissions for the directory are:
> [root@LINUX var]# ls -lda milter-greylist
> drwxr-x---  2 root wheel 4096 Oct  7 10:55 milter-greylist
> 
> My permissions for the .sock file are:
> [root@LINUX milter-greylist]# ls -l
> total 0
> srwxr-x---  1 root wheel 0 Oct  7 10:55 milter-greylist.sock

What about the parent directories for "milter-greylist"?

My permissions look like this:

tron@colwyn:~>ls -al /var/milter-greylist
total 202
drwxr-xr-x   2 smmsp  wheel     512 Oct  7 18:08 .
drwxr-xr-x  38 root   wheel    1024 Oct  7 10:24 ..
-rw-------   1 smmsp  wheel  191519 Oct  7 18:08 greylist.db
srwxrwxrwx   1 smmsp  wheel       0 Oct  5 19:18 milter-greylist.sock

This is with "-u smmsp" of course.

	Kind regards

-- 
Matthias Scheler                                  http://scheler.de/~matthias/

Re: [milter-greylist] World writable directory

2005-10-07 by Dawn Keenan

> Getting a "Xgreylist: local socket name
> /var/milter-greylist/milter-greylist.sock unsafe: World writable
> directory" error when trying to start sendmail.
> 
> My permissions for the directory are:
> [root@LINUX var]# ls -lda milter-greylist
> drwxr-x---  2 root wheel 4096 Oct  7 10:55 milter-greylist

What are the permissions on the / and /var directories?  Sendmail
checks permissions on all directory components, though it doesn't
tell you which directory level is the problem.

--d
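
Added example (not part of the original thread, and not sendmail's own code): because the error does not name the directory level at fault, this POSIX shell function climbs from the socket's directory up to / and prints every directory whose world-write bit is set. The function name is hypothetical, and it checks only the world-write bit reported in the error above, not the rest of sendmail's file safety checks.

```shell
#!/bin/sh
# Added example: find which directory component of a milter socket path
# is world writable. Hypothetical helper, not part of sendmail.

world_writable_components() {
    # Make the path absolute so the climb always ends at /.
    case $1 in
        /*) p=$1 ;;
        *)  p=$PWD/$1 ;;
    esac
    dir=$(dirname "$p")      # directory that holds the socket
    found=1                  # exit status: 0 if anything was reported
    while :; do
        # Parse the mode column of ls -ld (same layout on Linux and BSD).
        # Characters: type, user rwx, group rwx, other rwx.
        mode=$(ls -ld "$dir" 2>/dev/null | cut -c1-10)
        case $mode in
            # 9th character is the "other" write bit; 10th may be x, t or T.
            d???????w?) printf '%s %s\n' "$mode" "$dir"; found=0 ;;
        esac
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $found
}

# Usage: sh check-path.sh /var/milter-greylist/milter-greylist.sock
if [ $# -gt 0 ]; then
    world_writable_components "$1" ||
        echo "no world-writable directory on the path to $1"
fi
```

Components that do not exist or are symbolic links are skipped rather than reported.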

Re: World writable directory

2005-10-10 by Brian Tobin

--- In milter-greylist@yahoogroups.com, Matthias Scheler <tron@z...>
wrote:
>
> On Fri, Oct 07, 2005 at 05:06:36PM -0000, Brian Tobin wrote:
> > My permissions for the directory are:
> > [root@LINUX var]# ls -lda milter-greylist
> > drwxr-x---  2 root wheel 4096 Oct  7 10:55 milter-greylist
> > 
> > My permissions for the .sock file are:
> > [root@LINUX milter-greylist]# ls -l
> > total 0
> > srwxr-x---  1 root wheel 0 Oct  7 10:55 milter-greylist.sock
> 
> What about the parent directories for "milter-greylist"?
> 
> My permissions look like this:
> 
> tron@colwyn:~>ls -al /var/milter-greylist
> total 202
> drwxr-xr-x   2 smmsp  wheel     512 Oct  7 18:08 .
> drwxr-xr-x  38 root   wheel    1024 Oct  7 10:24 ..
> -rw-------   1 smmsp  wheel  191519 Oct  7 18:08 greylist.db
> srwxrwxrwx   1 smmsp  wheel       0 Oct  5 19:18 milter-greylist.sock
> 
> This is with "-u smmsp" of course.
> 

OK - My directories look like this:

[root@LINUX /]# ls -lda var
drwxr-xrwx  26 root root 4096 Oct  7 16:23 var

[root@LINUX /]# ls -lda /
drwxr-xr-x  28 root root 4096 Oct  7 16:23 /

I can't imagine I can change the write permissions on / or /var since
other applications must use these.  Should I change the directory the
milter runs from? Any recommendations?

Re: [milter-greylist] Re: World writable directory

2005-10-10 by Matthias Scheler

On Mon, Oct 10, 2005 at 02:13:27PM -0000, Brian Tobin wrote:
> [root@LINUX /]# ls -lda var
> drwxr-xrwx  26 root root 4096 Oct  7 16:23 var

This looks fishy. It means that arbitrary users can create directories
in "/var".

> [root@LINUX /]# ls -lda /
> drwxr-xr-x  28 root root 4096 Oct  7 16:23 /
> 
> I can't imagine I can change the write permissions on / or /var since
> other applications must use these.

The permissions on "/var" look plain wrong. Any application which requires
"/var" to be world writable is broken. My guess is that these permissions
are the result of a mistake by the system administrator, e.g. by feeding
bad values to a "configure" script. If you check "/var" for files you
might figure out which software is using that directory directly instead
of a subdirectory.

	Kind regards

-- 
Matthias Scheler                                  http://scheler.de/~matthias/
