| 1 |
I'm not going to address Jory's behaviour here, but I would like to |
| 2 |
look at the actual development stuff, namely the SUID status of vchkpw, |
| 3 |
as I took care of vpopmail before Jory came on board. |
| 4 |
|
| 5 |
On Wed, Jul 20, 2005 at 01:32:30AM +0000, Casey Allen Shobe wrote: |
| 6 |
> > I would strongly recommend doing chmod +s /var/vpopmail/bin/vchkpw |
| 7 |
> > in the ebuild, and then if the end user doesn't want it SUID, then |
| 8 |
> > that's what FEATURES=suidctl is for. |
| 9 |
> |
| 10 |
> Umm, no it's not, and it's not useless info. I reported the bug to |
| 11 |
> the gentoo-dev list some months ago, but should have probably used |
| 12 |
> bugs.gentoo.org instead. In any case, it's certainly not installed |
| 13 |
> setuid by default: |
| 14 |
> |
| 15 |
> # emerge -va vpopmail && ls -l /var/vpopmail/bin/vchkpw |
| 16 |
> |
| 17 |
> These are the packages that I would merge, in order: |
| 18 |
> |
| 19 |
> Calculating dependencies ...done! |
| 20 |
> [ebuild R ] net-mail/vpopmail-5.4.6-r1 +clearpasswd -ipalias |
| 21 |
> -mysql -postgres 0 kB [1] |
| 22 |
> [...] |
| 23 |
> >>> net-mail/vpopmail-5.4.6-r1 merged. |
| 24 |
> [...] |
| 25 |
> -rwx--x--x 1 root root 85036 Jul 19 23:53 /var/vpopmail/bin/vchkpw* |
| 26 |
> |
| 27 |
> So stop telling me my info is useless, when it's obviously not. |
| 28 |
> > This is not how we can handle this the user should have already |
| 29 |
> > read up on how to setup vpopmail before ever installing it, which |
| 30 |
> > means they would already know that SUID is required. |
| 31 |
> As SUID is required for qmail-smtpd, vchkpw should indeed be |
| 32 |
> installed SUID by default unless overridden by using suidctl. This |
| 33 |
> is NOT the case now. |
| 34 |
|
| 35 |
This problem IS fixed in ~arch: |
| 36 |
|
| 37 |
line 190 of both vpopmail-5.4.10.ebuild and vpopmail-5.4.9-r2.ebuild: |
| 38 |
chmod 4711 ${D}${VPOP_HOME}/bin/vchkpw |
| 39 |
|
| 40 |
So if this is still a problem in arch, but works in ~arch, you SHOULD |
| 41 |
file a bug report. |
| 42 |
|
| 43 |
However the original reasoning for vchkpw NOT being setuid was that |
| 44 |
setuid is NOT always needed depending on which backend you are using. |
| 45 |
|
| 46 |
And as I've mentioned before I'd like MORE reports of packages working |
| 47 |
well before they are moved to stable arch. Without those stable working |
| 48 |
reports I don't have any means to judge just how much testing has been |
| 49 |
done on a package, other than my own use of a package (and as such I do |
| 50 |
leave things longer than the 30 days, because I don't entirely trust |
| 51 |
them). |
| 52 |
|
| 53 |
-- |
| 54 |
Robin Hugh Johnson |
| 55 |
E-Mail : robbat2@××××××××××××××.net |
| 56 |
Home Page : http://www.orbis-terrarum.net/?l=people.robbat2 |
| 57 |
ICQ# : 30269588 or 41961639 |
| 58 |
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 |
Archives