244271 – mail/opensmtpd: 6.6.3p offline functionality is broken because of incorrect permissions

Bug 244271 - mail/opensmtpd: 6.6.3p offline functionality is broken because of incorrect permissions

Summary: mail/opensmtpd: 6.6.3p offline functionality is broken because of incorrect p...

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	Dima Panov

URL:
Keywords:	needs-patch, needs-qa, regression

Depends on:
Blocks:

Reported:	2020-02-21 09:49 UTC by Kamigishi Rei
Modified:	2020-04-07 10:18 UTC (History)
CC List:	0 users

See Also:

Flags:	bugzilla: maintainer-feedback? (fluffy) koobs: merge-quarterly?

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kamigishi Rei 2020-02-21 09:49:49 UTC

6.6.3 seems to have changed the way offline directory is handled. smtpctl has incorrect permissions (with possible security implications):

# ls -l /usr/local/sbin/smtpctl
-r-xr-sr-x  1 root  wheel  222832 Feb 15 08:23 /usr/local/sbin/smtpctl

It has setgid wheel when according to https://github.com/OpenSMTPD/OpenSMTPD/issues/839#issuecomment-371159242 it should be setgid _smtpq.

This results in an error when, for example, PHP mail() is used:

sendmail: cannot create temporary file /var/spool/smtpd/offline/whatever.whatever: Permission denied

Comment 1 Dima Panov freebsd_committer

2020-04-05 22:22:54 UTC

(In reply to Kamigishi Rei from comment #0)
Did this issue was gone with 6.6.4 pkg release?

Comment 2 Kamigishi Rei 2020-04-07 10:18:51 UTC

(In reply to Dima Panov from comment #1)
I think so; the smtpctl binary seems to have correct permissions now.