"Postfix sendmail command has set-uid root file permissions" error occurs.
Environment
- Red Hat Enterprise Linux 6 update 2
- Red Hat Enterprise Linux 6 update 3
- Red Hat Enterprise Linux 6 update 4
Issue
- When a
cronjobis invoked from non-rootcrontab, it produces output as follows which looks like postfix warning:
Apr 17 03:21:01 example postfix/sendmail[5002]: warning: the Postfix sendmail command has set-uid root file permissions
Apr 17 03:21:01 example postfix/sendmail[5002]: warning: or the command is run from a set-uid root process
Apr 17 03:21:01 example postfix/sendmail[5002]: warning: the Postfix sendmail command must be installed without set-uid root file permissions
- Is there any bug in
cronie?
Resolution
- This was identified as a bug and has been resolved with an errata.
- Update the
croniepackage version1.4.4-12.el6.x86_64which was released with Red Hat Enterprise Linux 6.5.
Root Cause
sendmail.c
/*
* Some sites mistakenly install Postfix sendmail as set-uid root. Drop
* set-uid privileges only when root, otherwise some systems will not
* reset the saved set-userid, which would be a security vulnerability.
*/
if (geteuid() == 0 && getuid() != 0) {
msg_warn("the Postfix sendmail command has set-uid root file permissions");
msg_warn("or the command is run from a set-uid root process");
msg_warn("the Postfix sendmail command must be installed without set-uid root file permissions");
set_ugid(getuid(), getgid());
}
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments