[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-mailutils] [Feature request] Find "sendmail" in $PATH at runtim
Re: [bug-mailutils] [Feature request] Find "sendmail" in $PATH at runtime
Mon, 23 Oct 2017 09:59:15 +0200
On 8 October 2017 at 14:56, Bjørn Forsman <address@hidden> wrote:
> Hi Sergey,
> On 8 October 2017 at 14:39, Sergey Poznyakoff <address@hidden> wrote:
>> Hi Bjørn,
>>> For packaging mailutils in Nix/NixOS I/we would like to have the
>>> "mail" program lookup the path to "sendmail" at runtime via the $PATH
>>> environment variable.
>> Have you considered the security implications of such a move?
> My reasoning is that as long as "mail" is not setuid root (or anything
> that elevates the privileges of the user invoking it), there is no
> security issue. But I'm actually not that familiar with "mail"... does
> it ever get installed setuid? (Currently it doesn't on NixOS.)
> Do you see any issues?
Can you confirm whether this is an issue?
I looked closer at how mailutils is built in Nixpkgs and noticed that
Makefile.in/am files are patched with "s/chmod 755/chmod 0755/".
(That's due to the multi-user (unprivileged) package manager security
model of Nixpkgs/NixOS; packages are built and installed unprivileged
and if a program needs setuid, a setuid wrapper program is made at the
OS level, which only an admin user is allowed to set up.)
Looking into which utils use setuid/gid I find:
$ grep -rn "chmod.*755" mailutils-3.2/
mailutils-3.2/maidag/Makefile.in:1514: chmod 4755 $(DESTDIR)$(sbindir)/$$i;\
mailutils-3.2/maidag/Makefile.am:64: chmod 4755 $(DESTDIR)$(sbindir)/$$i;\
mailutils-3.2/dotlock/Makefile.in:1335: chmod 2755 $(DESTDIR)$(bindir)/$$i;\
mailutils-3.2/dotlock/Makefile.am:30: chmod 2755 $(DESTDIR)$(bindir)/$$i;\
So in the end, only "maidag" and "dotlock" use setuid/gid, not "mail"?