I'm not going to address Jory's behaviour here, but I would like to
look at the actual development stuff, namely the SUID status of vchkpw,
as I took care of vpopmail before Jory came on board.

On Wed, Jul 20, 2005 at 01:32:30AM +0000, Casey Allen Shobe wrote:
> > I would strongly recommend doing chmod +s /var/vpopmail/bin/vchkpw
> > in the ebuild, and then if the end user doesn't want it SUID, then
> > that's what FEATURES=suidctl is for.
>
> Umm, no it's not, and it's not useless info. I reported the bug to
> the gentoo-dev list some months ago, but should have probably used
> bugs.gentoo.org instead. In any case, it's certainly not installed
> setuid by default:
>
> # emerge -va vpopmail && ls -l /var/vpopmail/bin/vchkpw
>
> These are the packages that I would merge, in order:
>
> Calculating dependencies ...done!
> [ebuild R ] net-mail/vpopmail-5.4.6-r1 +clearpasswd -ipalias
> -mysql -postgres 0 kB [1]
> [...]
> >>> net-mail/vpopmail-5.4.6-r1 merged.
> [...]
> -rwx--x--x 1 root root 85036 Jul 19 23:53 /var/vpopmail/bin/vchkpw*
>
> So stop telling me my info is useless, when it's obviously not.
> > This is not how we can handle this the user should have already
> > read up on how to setup vpopmail before ever installing it, which
> > means they would already know that SUID is required.
> As SUID is required for qmail-smtpd, vchkpw should indeed be
> installed SUID by default unless overridden by using suidctl. This
> is NOT the case now.

This problem IS fixed in ~arch:

line 190 of both vpopmail-5.4.10.ebuild and vpopmail-5.4.9-r2.ebuild:
chmod 4711 ${D}${VPOP_HOME}/bin/vchkpw

So if this is still a problem in arch, but works in ~arch, you SHOULD
file a bug report.

However the original reasoning for vchkpw NOT being setuid was that
setuid is NOT always needed depending on which backend you are using.

And as I've mentioned before I'd like MORE reports of packages working
well before they are moved to stable arch. Without those stable working
reports I don't have any means to judge just how much testing has been
done on a package, other than my own use of a package (and as such I do
leave things longer than the 30 days, because I don't entirely trust
them).

--
Robin Hugh Johnson
E-Mail : robbat2@××××××××××××××.net
Home Page : http://www.orbis-terrarum.net/?l=people.robbat2
ICQ# : 30269588 or 41961639
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85