GNU bug report logs -
#41763
services: opensmtpd: Fix the setgid problem for the smtpctl utility.
Reported by: maxim.cournoyer <at> gmail.com
Date: Mon, 8 Jun 2020 17:47:01 UTC
Severity: normal
Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Bug is archived. No further changes may be made.
maxim.cournoyer <at> gmail.com writes:
> The following patches provide a means to specify a user and group for a
> setuid program, and use that to fix a setgid permission issue in the
> context of the opensmtpd service.
>
> Christopher, you should be able to leverage this new facility to
> configure the uid/gid of the sendmail program to that of the smtpq user,
> like this:
>
> --8<---------------cut here---------------start------------->8---
> (operating-system
>   [...]
>   (setuid-programs (cons (list (file-append sendmail "/usr/sbin/sendmail") "smtpq")
>                          %setuid-programs)))
> --8<---------------cut here---------------end--------------->8---
>
> The smtpq user is created as part of the OpenSMTPD service definition.
>
> Thank you,
>
>
> Maxim

Well, thank you for looking into this, Maxim. I've had a brief look
through the patches, although I don't know enough about this area to
comment properly on them.

I wonder if it's worth using a record type to make it possible to pass
the user and group values to the service. That would probably result in
more readable configuration than just using a list of varying length.

Specifically on the diff:

- (list #$@programs))))))
+ (quote (#$@programs)))))))
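
Review bot: On the "+" line, wrapping the splice in (quote (...)) turns every element of programs into literal data, so an entry that is itself an expression, such as a string-append call building the file name, ends up in the generated code as an unevaluated list instead of a string. Consider keeping the outer (list ...) and emitting each entry that carries a user or group as its own (list file user group) form, or using quasiquote with explicit unquotes, so that file names are still evaluated while the user and group stay plain strings. A comment stating which entry shapes are accepted would also help whoever configures setuid or setgid programs with this.
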
This change here will mean that you can't pass some values in, as they
won't be evaluated. #~(string-append sendmail "/usr/sbin/sendmail")
would no longer work for example.

Thanks again,

Chris
This bug report was last modified 4 years and 7 days ago.