diff options
author | Alexander E. Patrakov <patrakov@gmail.com> | 2019-12-01 05:19:49 +0500 |
---|---|---|
committer | Alexander E. Patrakov <patrakov@gmail.com> | 2019-12-01 05:19:49 +0500 |
commit | 8bdce604fdd42760af3c203af675f4df66186db3 (patch) | |
tree | 18b1ff9763fe93ee524b9d7c718e7e839ebea71d | |
parent | Merge pull request #1009 from OpenSMTPD/test_cleanup (diff) | |
download | OpenSMTPD-8bdce604fdd42760af3c203af675f4df66186db3.tar.xz OpenSMTPD-8bdce604fdd42760af3c203af675f4df66186db3.zip |
smtpctl: check correct egid at startup
Too many Linux distributions (Debian, Ubuntu, Arch, Fedora) got smtpctl
permissions wrong. The typical pattern (applies to Arch) is:
* The build machine does not have the smtpq group
* The build runs as non-root with --with-group-queue=smtpq
* The smtpq group is created in post-install via systemd-sysusers
* There is nothing that makes smtpctl setgid smtpq
* The package even seems to work until offline delivery is attempted
Let's make sure users complain to the distributors if the above happens,
instead of having a silently broken installation.
See also the (invalid) ticket #1012.
-rw-r--r-- | smtpd/smtpctl.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/smtpd/smtpctl.c b/smtpd/smtpctl.c index 81c6a17a..49d4a482 100644 --- a/smtpd/smtpctl.c +++ b/smtpd/smtpctl.c @@ -1061,7 +1061,8 @@ do_spf_walk(int argc, struct parameter *argv) int main(int argc, char **argv) { - gid_t gid; + gid_t egid, gid; + struct group *gr; int privileged; char *argv_mailq[] = { "show", "queue", NULL }; @@ -1069,6 +1070,15 @@ main(int argc, char **argv) __progname = ssh_get_progname(argv[0]); #endif + /* Sanity check that too many Linux distros fail */ + egid = getegid(); + gr = getgrnam(SMTPD_QUEUE_GROUP); + if (gr == NULL) + warnx("installation problem: unknown group %s", SMTPD_QUEUE_GROUP); + if (gr != NULL && gr->gr_gid != egid) + warnx("installation problem: this program must be setgid %s", + SMTPD_QUEUE_GROUP); + sendmail_compat(argc, argv); privileged = geteuid() == 0; |