Bug 244271 - mail/opensmtpd: 6.6.3p offline functionality is broken because of incorrect permissions
Summary: mail/opensmtpd: 6.6.3p offline functionality is broken because of incorrect p...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Dima Panov
URL:
Keywords: needs-patch, needs-qa, regression
Depends on:
Blocks:
 
Reported: 2020-02-21 09:49 UTC by Kamigishi Rei
Modified: 2020-04-07 10:18 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (fluffy)
koobs: merge-quarterly?


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Kamigishi Rei 2020-02-21 09:49:49 UTC
6.6.3 seems to have changed the way offline directory is handled. smtpctl has incorrect permissions (with possible security implications):

# ls -l /usr/local/sbin/smtpctl
-r-xr-sr-x  1 root  wheel  222832 Feb 15 08:23 /usr/local/sbin/smtpctl

It has setgid wheel when according to https://github.com/OpenSMTPD/OpenSMTPD/issues/839#issuecomment-371159242 it should be setgid _smtpq.

This results in an error when, for example, PHP mail() is used:

sendmail: cannot create temporary file /var/spool/smtpd/offline/whatever.whatever: Permission denied
Comment 1 Dima Panov freebsd_committer 2020-04-05 22:22:54 UTC
(In reply to Kamigishi Rei from comment #0)
Did this issue was gone with 6.6.4 pkg release?
Comment 2 Kamigishi Rei 2020-04-07 10:18:51 UTC
(In reply to Dima Panov from comment #1)
I think so; the smtpctl binary seems to have correct permissions now.