Bug#581739: permission check on .forward files ignores user private groups

Andreas Hemel dai.shan at gmx.net
Sat May 15 12:55:05 UTC 2010


Package: exim4
Version: 4.71-4
Severity: normal

According to bug #581434 the default umask on new installations will
change from 022 to 002. Debian uses user private groups, meaning every
user is in his own private group, that nobody else is a member of. This
change makes it easier to set up additional collaboration groups without
the need to bug all partaking users to change their umask. For further
details see #581434 and the discussion on debian-devel [1].

Exim checks the permission bits on user .forward files and refuses to
deliver any mail if the .forward file is group writable. It does not
check if the user is the only member in the group associated with the
.forward file. In that case setting the group writable bit is safe. The
change of the default umask causes all .forward files created on new
installs to have the group writable bit set by default.

If Exim refuses to deliver mail because of this, the user is not (and
probably cannot be) notified and the only way to find out why mail is
not delivered is looking at the log files, to which a regular user does
not have access.

I've reproduced this problem with both 4.71-4 from unstable and
4.71-2~bpo50+1 from lenny-backports. With the latter version I even
completely lost some system mail. I realize that bounces could not be
delivered because both the receiver and sender were essentially the
same user (with the 'broken' .forward permissions), but I do not
understand why these mails were dropped instead of being frozen.


[1] http://lists.debian.org/debian-devel/2010/05/msg00252.html
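
The check this report asks for, sketched as an added example (not Exim's code and not part of the original report): a group-writable .forward is accepted only when the owner is the sole member of the file's group, counting both supplementary members and accounts whose primary gid is that group. The User/Group records, the function names and the sample accounts are assumptions constructed for illustration.

```python
import stat
from collections import namedtuple

# Minimal stand-ins for pwd/grp records so the check runs offline on constructed data.
User = namedtuple("User", "name uid gid")
Group = namedtuple("Group", "name gid members")

def group_members(gid, users, groups):
    """All accounts that hold gid: supplementary members plus primary-group users."""
    names = set()
    for g in groups:
        if g.gid == gid:
            names.update(g.members)
    names.update(u.name for u in users if u.gid == gid)
    return names

def forward_verdict(mode, file_uid, file_gid, owner, users, groups):
    """Classify a .forward file: 'ok', 'ok-private-group' or 'reject: <reason>'."""
    if file_uid != owner.uid:
        return "reject: not owned by recipient"
    if mode & stat.S_IWOTH:
        return "reject: world writable"
    if not mode & stat.S_IWGRP:
        return "ok"
    # Group-writable is only harmless when nobody but the owner is in the group.
    others = group_members(file_gid, users, groups) - {owner.name}
    if others:
        return "reject: group writable, group shared with " + ",".join(sorted(others))
    return "ok-private-group"

# Constructed sample accounts: carol has alice's group as her primary group,
# so group "alice" is not private even though its member list is empty.
USERS = [User("alice", 1000, 1000), User("bob", 1001, 1001), User("carol", 1002, 1000)]
GROUPS = [Group("alice", 1000, []), Group("bob", 1001, []), Group("staff", 50, ["alice", "bob"])]

def demo():
    alice, bob = USERS[0], USERS[1]
    return [
        forward_verdict(0o100644, 1000, 1000, alice, USERS, GROUPS),  # umask 022
        forward_verdict(0o100664, 1001, 1001, bob, USERS, GROUPS),    # umask 002, private group
        forward_verdict(0o100664, 1000, 1000, alice, USERS, GROUPS),  # umask 002, group shared via passwd
        forward_verdict(0o100664, 1001, 50, bob, USERS, GROUPS),      # umask 002, collaboration group
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

On a live system the same sets can be filled from pwd.getpwall() and grp.getgrall(); the primary-gid pass matters because an empty member list in /etc/group does not by itself prove the group is private.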




