/var/dcc/map is not private

/var/dcc/map is not private

by Chris-394

I've messed up permissions somehow on the above file I think.

drwxr-xr-x  3 root root  4096 Jan 26 16:45 build/
drwxr-xr-x  2 root bin   4096 Jan 26 16:46 cgi-bin/
-rwxrwxr--  1 root root  4441 Jul  6  2007 dcc_conf*
-rwxrwxr--  1 root root  4972 Jan 26 16:46 dcc_conf-new*
-rw-r--r--  1 root bin    825 Dec 26  2004 flod
-rw-r--r--  1 root bin    561 Dec 26  2004 grey_flod
-rw-r--r--  1 root bin    496 Dec 26  2004 grey_whitelist
-rw-------  1 root root  2549 Dec 26  2004 ids
drwxr-xr-x  2 bin  bin   4096 Jan 26 16:46 libexec/
drwxr-xr-x  2 root bin   4096 Dec 26  2004 log/
-rw-rw----  1 root root  7564 Jan 25 15:56 map
-rw-------  1 root root  2565 Jul  7  2007 map.txt
-rw-r--r--  1 root root  2565 Jul  7  2007 map.txt~
-rw-r--r--  1 root bin   3096 Dec 26  2004 whiteclnt
-rw-r--r--  1 root bin  12099 Dec 26  2004 whitecommon
-rw-r--r--  1 root bin    482 Dec 26  2004 whitelist

I keep seeing this in my hourly syslog output:

Jan 27 08:29:09 localhost dccproc[19405]: /var/dcc/map is not private

The next line in the log warns me about the DCC plug-in for Spamassassin:

Jan 27 08:29:09 localhost spamd[21849]: Use of uninitialized value in string
at /etc/mail/spamassassin/DCC.pm line 417.

That line is below:

$permsgstatus->test_log("$permsgstatus->{dcc_header_result}");

I noticed that since whatever I did no DCC checks have apparently been made of
the database since what's below is what all spam shows now for dcc checks:

Not listed in DCC
[]

I'm also seeing this now in my 4:00am check:

Jan 26 04:04:37 localhost : Security Warning: Change in Suid Root files
found :
Jan 26 04:04:37 localhost : - No longer present suid root
file : /usr/local/bin/cdcc
Jan 26 04:04:37 localhost : - No longer present suid root
file : /usr/local/bin/dccproc

I see that somehow I changed the permissions to this:

-r-sr-xr-x  1 root   bin     161288 Jan 26 16:46 cdcc*
-r-sr-xr-x  1 root   bin     471136 Jan 26 16:46 dccproc*

I've changed them back to what it looks like everything else is:

-rwxr-xr-x  1 root   bin     161288 Jan 26 16:46 cdcc*
-rwxr-xr-x  1 root   bin     471136 Jan 26 16:46 dccproc*

This will teach me to screw with things when I have the flu and apparently
can't read the output of my syslog snips correctly. Thanks for any
assistance.

Chris

--
Chris
KeyID 0xE372A7DA98E6705C


Re: /var/dcc/map is not private

by Vernon Schryver

> From: Chris <cpollock@...>

> --nextPart2303122.G5yE5Uq94h
> Content-Type: text/plain;
>   charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
> Content-Disposition: inline

mail to this mailing list encrypted as quoted-printable, HTML, etc.
has to wait until I manually check it.


> -rw-rw----  1 root root  7564 Jan 25 15:56 map

> I keep seeing this in my hourly syslog output:
> Jan 27 08:29:09 localhost dccproc[19405]: /var/dcc/map is not private

/var/dcc/map must be readable by only the UID that runs cdcc, dccproc,
dccifd, or dccm, because the file can contain passwords.


> The next line in the log warns me about the DCC plug-in for Spamassassin:
> Jan 27 08:29:09 localhost spamd[21849]: Use of uninitialized value in string
> at /etc/mail/spamassassin/DCC.pm line 417.
> That line is below:
> $permsgstatus->test_log("$permsgstatus->{dcc_header_result}");
>
> I noticed that since whatever I did no DCC checks have apparently been made of
> the database since what's below is what all spam shows now for dcc checks:
> Not listed in DCC

Perhaps someone who knows about SpamAssassin can comment about that,
but the inference that DCC checks are being made sounds dubious to me.

> I'm also seeing this now in my 4:00am check:
> Jan 26 04:04:37 localhost : Security Warning: Change in Suid Root files
> found :
> Jan 26 04:04:37 localhost : - No longer present suid root
> file : /usr/local/bin/cdcc
> Jan 26 04:04:37 localhost : - No longer present suid root
> file : /usr/local/bin/dccproc
>
> I see that somehow I changed the permissions to this:
>
> -r-sr-xr-x  1 root   bin     161288 Jan 26 16:46 cdcc*
> -r-sr-xr-x  1 root   bin     471136 Jan 26 16:46 dccproc*
>
> I've changed them back to what it looks like everything else is:
>
> -rwxr-xr-x  1 root   bin     161288 Jan 26 16:46 cdcc*
> -rwxr-xr-x  1 root   bin     471136 Jan 26 16:46 dccproc*


I do not understand those comments.  cdcc and dccproc are usually
set-UID to the UID specified with `./configure --with-uid=UID`.
If not set explicitly, UID is set to 0.
See the installation instructions at
http://www.dcc-servers.net/dcc/dcc-tree/INSTALL.html#envtbl--with-uid
or in the INSTALL.html or INSTALL.txt file in your copy of the DCC source.

cdcc and dccproc are set-UID so that they can read the private
file /var/dcc/map.

Assuming you have made no DCC configuration changes except with ./configure,
in your position I would delete everything except /var/dcc/libexec/updatedcc
and then run that shell script.  It should fetch, ./configure, compile,
install, and restart the code including building a new /var/dcc/map file.

updatedcc is modified by the previous ./configure cycle to contain those
./configure parameters.


Vernon Schryver    vjs@...
_______________________________________________
DCC mailing list      DCC@...
http://www.rhyolite.com/mailman/listinfo/dcc
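
A way to check the two conditions this reply describes, as an added example that is not part of the original thread or of DCC itself: the map file must be accessible only to its owner, and cdcc/dccproc must be set-UID to that owner. The function names and the default `run_uid=0` (the root-owned install shown in the listings) are assumptions, and the logic approximates rather than reproduces dccproc's own "is not private" test.

```python
import os
import stat

def map_findings(mode, uid, run_uid):
    """Findings for the map file, given its st_mode/st_uid and the DCC UID."""
    out = []
    if not stat.S_ISREG(mode):
        out.append("not a regular file")
    if uid != run_uid:
        out.append(f"owned by UID {uid}, expected {run_uid}")
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        out.append(f"mode {stat.S_IMODE(mode):04o} grants group/other access")
    return out

def client_findings(mode, uid, run_uid):
    """Findings for cdcc or dccproc: set-UID to the UID that owns the map."""
    out = []
    if not mode & stat.S_ISUID:
        out.append("set-UID bit is missing")
    if uid != run_uid:
        out.append(f"owned by UID {uid}, expected {run_uid}")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        out.append("writable by group/other")
    return out

def audit(map_path, clients, run_uid=0):
    """Return {path: [findings]}; an empty list means the path looks right."""
    report = {}
    checks = [(map_path, map_findings)] + [(c, client_findings) for c in clients]
    for path, check in checks:
        try:
            st = os.lstat(path)  # lstat: a symlink in place of the file is flagged
        except OSError as exc:
            report[path] = [f"cannot stat: {exc.strerror}"]
            continue
        report[path] = check(st.st_mode, st.st_uid, run_uid)
    return report

if __name__ == "__main__":
    # Paths as they appear in the thread; run_uid=0 is an assumption (see lead-in).
    clients = ["/usr/local/bin/cdcc", "/usr/local/bin/dccproc"]
    for path, findings in audit("/var/dcc/map", clients).items():
        print(path, "OK" if not findings else "; ".join(findings))
```

Run against the first listing in the thread, the 0660 map and the 0755 binaries would each produce one finding; the listing after updatedcc would produce none.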

Re: /var/dcc/map is not private

by Chris-394

On Sunday 27 January 2008 10:41 am, Vernon Schryver wrote:

>
> mail to this mailing list encrypted as quoted-printable, HTML, etc.
> has to wait until I manually check it.
>
I'll remember that Vernon and not sign my messages anymore, thanks.

> cdcc and dccproc are set-UID so that they can read the private
> file /var/dcc/map
>
> Assuming you have made no DCC configuration changes except with
> ./configure, in your position I would delete everything except
> /var/dcc/libexec/updatedcc and then run that shell script.  It should
> fetch, ./configure, compile, install, and restart the code including
> building a new /var/dcc/map file.
>
> updatedcc is modified by the previous ./configure cycle to contain those
> ./configure parameters.
>
I've done what you suggested, permissions look like this now:

drwxrwxr-x  3 root root 4096 Jan 27 11:43 build/
drwxrwxr-x  2 root bin  4096 Jan 27 11:44 cgi-bin/
-rw-r--r--  1 root root 4972 Jan 27 11:44 dcc_conf
-rw-r--r--  1 root bin   796 Jan 27 11:44 flod
-rw-r--r--  1 root bin   426 Jan 27 11:44 grey_flod
-rw-r--r--  1 root bin   496 Jan 27 11:44 grey_whitelist
-rw-------  1 root root 2431 Jan 27 11:44 ids
drwxr-xr-x  2 bin  bin  4096 Jan 27 11:44 libexec/
drwxrwxr-x  2 root root 4096 Jan 27 11:27 log/
-rw-------  1 root root 7564 Jan 27 11:44 map
-rw-------  1 root root  359 Jan 27 11:44 map.txt
-rw-r--r--  1 root bin  3927 Jan 27 11:44 whiteclnt
-rw-r--r--  1 root bin  1668 Jan 27 11:44 whitecommon
-rw-r--r--  1 root bin   864 Jan 27 11:44 whitelist

-r-sr-xr-x  1 root   bin     471136 Jan 27 11:44 dccproc*
-r-sr-xr-x  1 root   bin     161288 Jan 27 11:44 cdcc*

Hopefully this will fix my screwups. I'm pretty sure whatever I did was
affecting the SA plug-in also. I'll have to check next hour's log snip and see
if it did and let you know.

Thanks for your help Vernon, appreciate it.

Chris

--
Chris
KeyID 0xE372A7DA98E6705C

Re: /var/dcc/map is not private

by Chris-394

On Sunday 27 January 2008 10:41 am, Vernon Schryver wrote:

> Assuming you have made no DCC configuration changes except with
> ./configure, in your position I would delete everything except
> /var/dcc/libexec/updatedcc and then run that shell script.  It should
> fetch, ./configure, compile, install, and restart the code including
> building a new /var/dcc/map file.
>
> updatedcc is modified by the previous ./configure cycle to contain those
> ./configure parameters.
>
>
All appears to be working correctly again Vernon, thanks for the help.

-0.0 DCC_CHECK_NEGATIVE     Not listed in DCC
                            [cpollock 104; Body=174 Fuz1=194]

--
Chris
KeyID 0xE372A7DA98E6705C