From: Reinaldo de Carvalho on 9 May 2010 21:31

On Sun, May 9, 2010 at 7:19 PM, Jamal Mubarak <jmubarak2(a)gmail.com> wrote:
>
>
> Show permissions of /usr/sbin/postdrop and /usr/sbin/sendmail. lpr/lp
> process owner have rights to exec these commands?
>
> Here are my permissions:
>
> -rwxr-sr-x 1 root _postdrop 484912 Feb 11 01:03 /usr/sbin/postdrop
> -rwxr-xr-x 1 root wheel 572512 Feb 11 01:03 /usr/sbin/sendmail
> -r-xr-xr-x 1 root wheel 52832 Feb 11 01:47 lp
> -r-xr-xr-x 1 root wheel 44304 Feb 11 01:47 lpoptions
> -r-xr-xr-x 1 root wheel 44400 Feb 11 01:47 lppasswd
> -r-xr-xr-x 1 root wheel 44528 Feb 11 01:47 lpq
> -r-xr-xr-x 1 root wheel 44304 Feb 11 01:47 lpr
> -r-xr-xr-x 1 root wheel 35040 Feb 11 01:47 lprm
> -r-xr-xr-x 1 root wheel 73552 Feb 11 01:47 lpstat
> On May 9, 2010, at 7:56 AM, Wietse Venema wrote:
>

cups owner process is in the group _postdrop?

'owner process' isn't 'owner of lp* files', you need to look at the owner of
the cups process with the 'ps' command.

--
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net

"Don't try to adapt the software to the way you work, but rather
yourself to the way the software works" (myself)
From: Jamal Mubarak on 9 May 2010 22:24

On May 9, 2010, at 8:31 PM, Reinaldo de Carvalho wrote:
> On Sun, May 9, 2010 at 7:19 PM, Jamal Mubarak <jmubarak2(a)gmail.com> wrote:
>>
>>
>> Show permissions of /usr/sbin/postdrop and /usr/sbin/sendmail. lpr/lp
>> process owner have rights to exec these commands?
>>
>> Here are my permissions:
>>
>> -rwxr-sr-x 1 root _postdrop 484912 Feb 11 01:03 /usr/sbin/postdrop
>> -rwxr-xr-x 1 root wheel 572512 Feb 11 01:03 /usr/sbin/sendmail
>> -r-xr-xr-x 1 root wheel 52832 Feb 11 01:47 lp
>> -r-xr-xr-x 1 root wheel 44304 Feb 11 01:47 lpoptions
>> -r-xr-xr-x 1 root wheel 44400 Feb 11 01:47 lppasswd
>> -r-xr-xr-x 1 root wheel 44528 Feb 11 01:47 lpq
>> -r-xr-xr-x 1 root wheel 44304 Feb 11 01:47 lpr
>> -r-xr-xr-x 1 root wheel 35040 Feb 11 01:47 lprm
>> -r-xr-xr-x 1 root wheel 73552 Feb 11 01:47 lpstat
>> On May 9, 2010, at 7:56 AM, Wietse Venema wrote:
>>
>
> cups owner process is in the group _postdrop?
>
> 'owner process' isn't 'owner of lp* files', you need to look at the owner of
> the cups process with the 'ps' command.

jamal% ps -afx | grep cups
0 11783 1 0 0:00.90 ?? 0:00.96 /usr/sbin/cupsd -l

jamal% ls -l /usr/sbin/cupsd
-r-x------ 1 root wheel 887456 Feb 11 01:47 /usr/sbin/cupsd

Is this what you are asking for? I have tried to change the group of /usr/sbin/postdrop to "wheel" from "_postdrop" without any difference. Same error.

Jamal
From: Reinaldo de Carvalho on 10 May 2010 09:25

On Sun, May 9, 2010 at 11:24 PM, Jamal Mubarak <jmubarak2(a)gmail.com> wrote:
>>
>> 'owner process' isn't 'owner of lp* files', you need to look at the owner of
>> the cups process with the 'ps' command.
>
> jamal% ps -afx | grep cups
> 0 11783 1 0 0:00.90 ?? 0:00.96 /usr/sbin/cupsd -l
>

Who is the process owner? Try 'ps -ef | grep cups'

> jamal% ls -l /usr/sbin/cupsd
> -r-x------ 1 root wheel 887456 Feb 11 01:47 /usr/sbin/cupsd
>
> Is this what you are asking for? I have tried to change the group of /usr/sbin/postdrop to "wheel" from "_postdrop" without any difference. Same error.
>

Cups process owner is in wheel? I think no.

> Jamal
>
>

--
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net

"Don't try to adapt the software to the way you work, but rather
yourself to the way the software works" (myself)
From: mouss on 10 May 2010 18:57

Reinaldo de Carvalho wrote:
> On Sun, May 9, 2010 at 11:24 PM, Jamal Mubarak <jmubarak2(a)gmail.com> wrote:
>>> 'owner process' isn't 'owner of lp* files', you need to look at the owner of
>>> the cups process with the 'ps' command.
>> jamal% ps -afx | grep cups
>> 0 11783 1 0 0:00.90 ?? 0:00.96 /usr/sbin/cupsd -l
>>
>
> Who is the process owner? Try 'ps -ef | grep cups'

That's SYSV syntax. OP is running a BSD system:

ps -aux | grep cups

>
>> jamal% ls -l /usr/sbin/cupsd
>> -r-x------ 1 root wheel 887456 Feb 11 01:47 /usr/sbin/cupsd
>>
>> Is this what you are asking for? I have tried to change the group of /usr/sbin/postdrop to "wheel" from "_postdrop" without any difference. Same error.
>>
>
> Cups process owner is in wheel? I think no.
>

OP has "another" problem. See Wietse's posts.
From: Jamal Mubarak on 10 May 2010 23:02

On May 10, 2010, at 8:25 AM, Reinaldo de Carvalho wrote:
> On Sun, May 9, 2010 at 11:24 PM, Jamal Mubarak <jmubarak2(a)gmail.com> wrote:
>>>
>>> 'owner process' isn't 'owner of lp* files', you need to look at the owner of
>>> the cups process with the 'ps' command.
>>
>> jamal% ps -afx | grep cups
>> 0 11783 1 0 0:00.90 ?? 0:00.96 /usr/sbin/cupsd -l
>
> Who is the process owner? Try 'ps -ef | grep cups'

ps -aux does not work in Mac OS (Darwin) any more.

jamal% ps -ajx | grep cups
root 11783 1 11783 8fade78 0 Ss ?? 0:01.71 /usr/sbin/cupsd -l

So it appears that cups is running as root.

>> jamal% ls -l /usr/sbin/cupsd
>> -r-x------ 1 root wheel 887456 Feb 11 01:47 /usr/sbin/cupsd
>>
>> Is this what you are asking for? I have tried to change the group of /usr/sbin/postdrop to "wheel" from "_postdrop" without any difference. Same error.
>
> Cups process owner is in wheel? I think no.

Apparently so, but I defer to your wisdom.

On May 10, 2010, at 5:57 PM, mouss wrote:
> OP has "another" problem. See Wietse's posts.

Well, Mac OS has BSM (Basic Security Module) audit.

http://www.trustedbsd.org/openbsm.html
http://developer.apple.com/mac/library/DOCUMENTATION/Darwin/Reference/ManPages/man2/auditon.2.html

Should I mess with auditon?

Jamal
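
The checks asked for in this thread (the set-gid bit on postdrop, the owner of the running cupsd, and that owner's group membership), as an added shell example that is not part of any poster's message. The function names are hypothetical; the listing lines are the ones posted above.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names are hypothetical.

# True if an `ls -l` mode string has the set-gid bit (s/S in the group-execute slot).
has_setgid() {
    case "$1" in
        ??????[sS]*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Print "mode owner group path" from one `ls -l` line.
ls_fields() {
    printf '%s\n' "$1" | awk '{ print $1, $3, $4, $NF }'
}

# Print the effective user of a PID. `-o user=` and `-p` are POSIX options,
# so this sidesteps the BSD (-aux) versus SysV (-ef) flag differences.
proc_owner() {
    ps -o user= -p "$1" | tr -d ' '
}

# True if user $1 is a member of group $2.
user_in_group() {
    for g in $(id -Gn "$1" 2>/dev/null); do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# Print "path group" for every set-gid entry in a multi-line listing.
setgid_report() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        [ -n "$line" ] || continue
        set -- $(ls_fields "$line")
        if has_setgid "$1"; then printf '%s %s\n' "$4" "$3"; fi
    done
}

# Listing lines as posted in the thread.
SAMPLE='-rwxr-sr-x 1 root _postdrop 484912 Feb 11 01:03 /usr/sbin/postdrop
-rwxr-xr-x 1 root wheel 572512 Feb 11 01:03 /usr/sbin/sendmail
-r-x------ 1 root wheel 887456 Feb 11 01:47 /usr/sbin/cupsd'

setgid_report "$SAMPLE"
```

On a live system, `proc_owner 11783` (the cupsd PID shown in the thread) followed by `user_in_group "$(proc_owner 11783)" _postdrop` answers the process-owner question without depending on the ps flavour.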