Debian Bug report logs - #570971
ssmtp: cannot read alternative config files stored in encfs fuse filesystem

Package: ssmtp; Maintainer for ssmtp is Anibal Monsalve Salazar <anibal@debian.org>; Source for ssmtp is src:ssmtp.

Reported by: Guido Trotter <ultrotter@debian.org>

Date: Mon, 22 Feb 2010 14:54:02 UTC

Severity: important

Tags: moreinfo

Found in version ssmtp/2.64-3

Fixed in version ssmtp/2.64-4


Report forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#570971; Package ssmtp. (Mon, 22 Feb 2010 14:54:05 GMT)

Acknowledgement sent to Guido Trotter <ultrotter@debian.org>:
New Bug report received and forwarded. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Mon, 22 Feb 2010 14:54:05 GMT)

Message #5 received at submit@bugs.debian.org:

From: Guido Trotter <ultrotter@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Cannot read alternative config files anymore
Date: Mon, 22 Feb 2010 15:28:57 +0100
Package: ssmtp
Version: 2.64-3
Severity: critical
Tags: patch

Hi,

The recent change to install ssmtp sgid mail broke the possibility to
use the -C flag to select an alternative config file. This breaks
unrelated system configurations (e.g., my git couldn't send mail anymore).

I think -C + suid/sgid is disabled for security reasons, and considering
I've been keeping my passwords secure by putting them in separate files
and calling ssmtp with -C (which means I can also use different
mailhubs) this broke my setup. Removing the sgid bit fixed the problem.

Please install the /etc config file as readable by anybody, and revert
the sgid fix (so that #567906 is not broken again) and then add a
comment there explaining how to change it that way if one wants, and the
-C option as well, and that it's otherwise unsecure to put passwords
there. Then the sgid change can be reverted.

Thanks

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.33-rc8rx00 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ssmtp depends on:
ii  debconf [debconf-2.0]         1.5.28     Debian configuration management sy
ii  libc6                         2.10.2-2   GNU C Library: Shared libraries
ii  libgnutls26                   2.8.5-2    the GNU TLS library - runtime libr

ssmtp recommends no packages.

ssmtp suggests no packages.

-- debconf information excluded




Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#570971; Package ssmtp. (Sun, 14 Mar 2010 10:12:03 GMT)

Acknowledgement sent to Andrew Lee <ajqlee@debian.org>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Sun, 14 Mar 2010 10:12:04 GMT)

Message #10 received at 570971@bugs.debian.org:

From: Andrew Lee <ajqlee@debian.org>
To: 570971@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Cannot read alternative config files anymore
Date: Sun, 14 Mar 2010 17:08:46 +0700

tags 570971 + moreinfo unreproducible - patch
thanks

Hi Guido, (hi Anibal),

The -C option works for me with 2.64-3 + patch from #572154:

# cp /etc/ssmtp/ssmtp.conf /etc/ssmtp/ssmtp-1.conf
# vi /etc/ssmtp/ssmtp.conf (change mailhub to invaild place)

Create a test file containing:
----------------------
To:ajqlee@debian.org
Subject: Test

This is a test mail.
----------------------

# ssmtp -t < test
ssmtp: Cannot open invaild:25

# ssmtp -C/etc/ssmtp/ssmtp-1.conf -t < test

Then I got the mail.

Hello from Thailand Mini-DebCamp 2010 BSP:
http://wiki.debian.org/DebianThailand/MiniDebCamp2010/BSP

Cheers,

-Andrew




Added tag(s) unreproducible and moreinfo. Request was from Andrew Lee <ajqlee@debian.org> to control@bugs.debian.org. (Sun, 14 Mar 2010 10:12:05 GMT)

Removed tag(s) patch. Request was from Andrew Lee <ajqlee@debian.org> to control@bugs.debian.org. (Sun, 14 Mar 2010 10:12:06 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#570971; Package ssmtp. (Thu, 18 Mar 2010 10:39:45 GMT)

Acknowledgement sent to Guido Trotter <ultrotter@debian.org>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Thu, 18 Mar 2010 10:39:45 GMT)

Message #19 received at 570971@bugs.debian.org:

From: Guido Trotter <ultrotter@debian.org>
To: 570971@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Please try the same while not running as root
Date: Thu, 18 Mar 2010 11:31:59 +0100

tags 570971 + path - unreproducible moreinfo
thanks

Hi,

I think you might be trying that while running as root. What this breaks is
non-root users having each his own configuration (or more than one per user,
depending on the account)

Thanks,

Guido

(reverting the tag changes as I'm providing more info on how to reproduce it,
and the bug still contains a suggested fix)





Removed tag(s) unreproducible and moreinfo. Request was from Guido Trotter <ultrotter@debian.org> to control@bugs.debian.org. (Thu, 18 Mar 2010 10:39:46 GMT)

Added tag(s) patch. Request was from Stefano Zacchiroli <zack@debian.org> to control@bugs.debian.org. (Fri, 26 Mar 2010 12:36:06 GMT)

Reply sent to Anibal Monsalve Salazar <anibal@debian.org>:
You have taken responsibility. (Thu, 08 Apr 2010 07:48:37 GMT)

Notification sent to Guido Trotter <ultrotter@debian.org>:
Bug acknowledged by developer. (Thu, 08 Apr 2010 07:48:37 GMT)

Message #28 received at 570971-close@bugs.debian.org:

From: Anibal Monsalve Salazar <anibal@debian.org>
To: 570971-close@bugs.debian.org
Subject: Bug#570971: fixed in ssmtp 2.64-4
Date: Thu, 08 Apr 2010 07:32:09 +0000
Source: ssmtp
Source-Version: 2.64-4

We believe that the bug you reported is fixed in the latest version of
ssmtp, which is due to be installed in the Debian FTP archive:

ssmtp_2.64-4.debian.tar.bz2
  to main/s/ssmtp/ssmtp_2.64-4.debian.tar.bz2
ssmtp_2.64-4.dsc
  to main/s/ssmtp/ssmtp_2.64-4.dsc
ssmtp_2.64-4_amd64.deb
  to main/s/ssmtp/ssmtp_2.64-4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 570971@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <anibal@debian.org> (supplier of updated ssmtp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Thu, 08 Apr 2010 16:17:50 +1000
Source: ssmtp
Binary: ssmtp
Architecture: source amd64
Version: 2.64-4
Distribution: unstable
Urgency: low
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Anibal Monsalve Salazar <anibal@debian.org>
Description:
 ssmtp      - extremely simple MTA to get mail off the system to a mail hub
Closes: 557948 559900 560397 569003 569654 570971 572154 576535
Changes:
 ssmtp (2.64-4) unstable; urgency=low
 .
   * Set back permissions as before 2.64-1
     Closes: 570971, 572154, 559900, 557948, 560397
   * Fix pending l10n issues. Debconf translations:
     - Vietnamese (Clytie Siddall). Closes: 569003, 569654
     - Brazilian Portuguese (Jef Lui). Closes: 576535





Bug No longer marked as fixed in versions ssmtp/2.64-4 and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 27 Apr 2010 14:15:07 GMT)

Bug Marked as found in versions ssmtp/2.64-4. Request was from Guido Trotter <ultrotter@debian.org> to control@bugs.debian.org. (Tue, 27 Apr 2010 14:18:02 GMT)

Bug No longer marked as found in versions ssmtp/2.64-4. Request was from Guido Trotter <ultrotter@debian.org> to control@bugs.debian.org. (Tue, 27 Apr 2010 14:18:04 GMT)

Bug Marked as fixed in versions ssmtp/2.64-4. Request was from Guido Trotter <ultrotter@debian.org> to control@bugs.debian.org. (Tue, 27 Apr 2010 17:42:04 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#570971; Package ssmtp. (Wed, 21 Jul 2010 21:48:03 GMT)

Acknowledgement sent to Charles Briscoe-Smith <charles@servology.co.uk>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Wed, 21 Jul 2010 21:48:03 GMT)

Message #41 received at 570971@bugs.debian.org:

From: Charles Briscoe-Smith <charles@servology.co.uk>
To: 570971@bugs.debian.org
Cc: Guido Trotter <ultrotter@debian.org>
Subject: Trying to understand this bug: need more detail to reproduce
Date: Wed, 21 Jul 2010 22:26:36 +0100

Hi,

I've been looking through the recent changes to the Debian ssmtp package
and this bug seems to be quite crucial.

Guido Trotter <ultrotter@debian.org> wrote:
> Version: 2.64-3
[...]
> The recent change to install ssmtp sgid mail broke the possibility to
> use the -C flag to select an alternative config file. This break
> unrelated system configurations (eg, my git couldn't send mail anymore).
> 
> I think -C + suid/sgid is disabled for security reasons, and considering
[...]

However, I've built myself a copy of ssmtp 2.64-3 and have not been able
to reproduce this problem.  I did as follows:

cpbs@aragorn:/tmp$ dpkg-source -x ssmtp_2.64-3.dsc
cpbs@aragorn:/tmp$ cd ssmtp-2.64
cpbs@aragorn:/tmp/ssmtp-2.64$ debian/rules clean; debian/rules build
cpbs@aragorn:/tmp/ssmtp-2.64$ sudo chgrp root ssmtp; sudo chmod g+s ssmtp

then:

cpbs@aragorn:/tmp/ssmtp-2.64$ ls -l ssmtp
-rwxrwsr-x 1 cpbs root 67932 2010-07-21 20:11 ssmtp
cpbs@aragorn:/tmp/ssmtp-2.64$ echo mailhub=invalid > test.conf
cpbs@aragorn:/tmp/ssmtp-2.64$ echo test | ./ssmtp -C ./test.conf root
ssmtp: Cannot open invalid:25

...which shows that the setgid ssmtp binary is successfully parsing
test.conf.

From what Guido said in his original report, I was expecting an error
message from ssmtp when passing -C to a setgid ssmtp binary, but I do
not see that.

I was expecting to find a test somewhere in ssmtp.c which, if it
determined that ssmtp had been run setgid ("getgid() != getegid()")
and the -C option was being parsed, would die with an error message.
That would, I think, produce a behaviour matching the description in
this bug report.

My plan was to change this so that, if ssmtp was run setgid and -C was
specified, ssmtp would give up its setgid privileges ("setgid(getgid())")
before opening its config file; this would allow ssmtp to read its default
config file with elevated permissions, but also to allow users to call
it with their own private config files if required without allowing
them to use this to read files they shouldn't be able to.  This would,
I think, provide a solution to all these related bugs at once, *if*
I'm understanding this bug correctly; the description of the bug is not
specific enough to enable me to reproduce it though.

Guido, can you describe in more detail what the symptoms of this bug were?
If you can quote an error message that would help me find the code I'm
interested in.

(I don't know whether Debian keeps sources of intermediate versions
of packages for any length of time these days; I found version 2.64-3
at https://www.securehost.com/mirror/debian/pool/main/s/ssmtp/
and verified it against the checksums found at the end of
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567906.)

Thanks,

-- 
Charles Briscoe-Smith




Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#570971; Package ssmtp. (Wed, 11 Aug 2010 16:00:06 GMT)

Acknowledgement sent to Guido Trotter <ultrotter@debian.org>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Wed, 11 Aug 2010 16:00:06 GMT)

Message #46 received at 570971@bugs.debian.org:

From: Guido Trotter <ultrotter@debian.org>
To: Charles Briscoe-Smith <charles@servology.co.uk>
Cc: 570971@bugs.debian.org
Subject: Re: Trying to understand this bug: need more detail to reproduce
Date: Wed, 11 Aug 2010 17:53:38 +0200

On Wed, Jul 21, 2010 at 10:26:36PM +0100, Charles Briscoe-Smith wrote:

Hi Charles,

> However, I've built myself a copy of ssmtp 2.64-3 and have not been able
> to reproduce this problem.  I did as follows:
> 
> cpbs@aragorn:/tmp$ dpkg-source -x ssmtp_2.64-3.dsc
> cpbs@aragorn:/tmp$ cd ssmtp-2.64
> cpbs@aragorn:/tmp/ssmtp-2.64$ debian/rules clean; debian/rules build
> cpbs@aragorn:/tmp/ssmtp-2.64$ sudo chgrp root ssmtp; sudo chmod g+s ssmtp
> 
> then:
> 
> cpbs@aragorn:/tmp/ssmtp-2.64$ ls -l ssmtp
> -rwxrwsr-x 1 cpbs root 67932 2010-07-21 20:11 ssmtp
> cpbs@aragorn:/tmp/ssmtp-2.64$ echo mailhub=invalid > test.conf
> cpbs@aragorn:/tmp/ssmtp-2.64$ echo test | ./ssmtp -C ./test.conf root
> ssmtp: Cannot open invalid:25
> 

Looking better at the situation it looks like this might break because my
config file resides on an encfs fuse filesystem. If I move it to some other
place it seems to be working. Also the error is just:

sendmail: Cannot open mailhub:25

Rather than any explicit exiting.

> I was expecting to find a test somewhere in ssmtp.c which, if it
> determined that ssmtp had been run setgid ("getgid() != getegid()")
> and the -C option was being parsed, would die with an error message.
> That would, I think, produce a behaviour matching the description in
> this bug report.
> 

Well, no, that didn't ever happen. No explicit exit, just dies trying its
internal default, in my case.

> (I don't know whether Debian keeps sources of intermediate versions
> of package for any length of time these days; I found version 2.64-3
> at https://www.securehost.com/mirror/debian/pool/main/s/ssmtp/
> and verifying against the checksums found at the end of
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567906.)
> 

Debian keeps them at snapshot.debian.org. I think your proposed patch of
dropping privileges if an alternate config file is given would be fine.
I'd recommend contributing it upstream, rather than in Debian, though, so
we don't diverge.

Thanks,

Guido
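
The change discussed in the two messages above (give up setgid rights before reading a -C file, and stop instead of silently carrying on with the built-in default), sketched in C as an added example; it is not ssmtp's code or a patch from anyone in this thread. `drop_setgid`, `open_config` and the status names are hypothetical, and `setregid` is used in place of the `setgid(getgid())` from the message so that the saved set-group-ID is reset as well.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define DEFAULT_CONF "/etc/ssmtp/ssmtp.conf"

enum conf_status { CONF_OK = 0, CONF_DROP_FAILED = -1, CONF_OPEN_FAILED = -2 };

/* Hypothetical helper (not in ssmtp.c): give up setgid privilege for good.
 * setregid(real, real) also resets the saved set-group-ID, which a plain
 * setgid(getgid()) leaves in place for an unprivileged process. */
static int drop_setgid(void)
{
    gid_t real = getgid();

    if (setregid(real, real) != 0)
        return -1;
    /* Never trust the return value alone: confirm the IDs now match. */
    return (getgid() == real && getegid() == real) ? 0 : -1;
}

/* alt_path is the argument of -C, or NULL when the option was not given.
 * On success *out is an open stream; on failure it is NULL and the caller
 * must exit instead of carrying on with built-in defaults. */
static enum conf_status open_config(const char *alt_path, FILE **out)
{
    *out = NULL;
    if (alt_path != NULL) {
        /* User-chosen file: read it with the caller's own rights only. */
        if (drop_setgid() != 0)
            return CONF_DROP_FAILED;
        *out = fopen(alt_path, "r");
    } else {
        /* Default file: may need the binary's group to be readable. */
        *out = fopen(DEFAULT_CONF, "r");
    }
    return *out ? CONF_OK : CONF_OPEN_FAILED;
}

int main(int argc, char **argv)
{
    FILE *fp;
    const char *alt = (argc > 1) ? argv[1] : NULL;   /* stands in for -C */
    enum conf_status st = open_config(alt, &fp);

    if (st != CONF_OK) {
        fprintf(stderr, "cannot use config %s (status %d)\n",
                alt ? alt : DEFAULT_CONF, st);
        return 1;
    }
    printf("config opened, egid=%ld gid=%ld\n", (long)getegid(), (long)getgid());
    fclose(fp);
    return 0;
}
```

The drop is permanent for the rest of the process, so anything that still needs the binary's group has to happen before the -C file is opened.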





Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#570971; Package ssmtp. (Fri, 18 Nov 2011 21:09:23 GMT)

Acknowledgement sent to Hector Oron <zumbi@debian.org>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Fri, 18 Nov 2011 21:09:24 GMT)

Message #51 received at 570971@bugs.debian.org:

From: Hector Oron <zumbi@debian.org>
To: Guido Trotter <ultrotter@debian.org>, 570971@bugs.debian.org
Subject: Re: Bug#570971: Trying to understand this bug: need more detail to reproduce
Date: Fri, 18 Nov 2011 21:04:25 +0000

retitle ssmtp: cannot read alternative config files stored in encfs fuse filesystem.
tags 570971 + moreinfo - patch
severity 570971 important
thanks

Hello,

On Wed, Aug 11, 2010 at 05:53:38PM +0200, Guido Trotter wrote:
 
> Looking better at the situation it looks like this might break because my
> config file resides on an encfs fuse filesystem. If I move it to some other
> place it seems to be working. Also the error is just:

I am lowering severity based on your comments, it does not seem to be critical.

Cheers,
-- 
 Héctor Orón


Added tag(s) moreinfo. Request was from Hector Oron <zumbi@debian.org> to control@bugs.debian.org. (Fri, 18 Nov 2011 21:09:26 GMT)

Removed tag(s) patch. Request was from Hector Oron <zumbi@debian.org> to control@bugs.debian.org. (Fri, 18 Nov 2011 21:09:27 GMT)

Severity set to 'important' from 'critical' Request was from Hector Oron <zumbi@debian.org> to control@bugs.debian.org. (Fri, 18 Nov 2011 21:09:28 GMT)

Changed Bug title to 'ssmtp: cannot read alternative config files stored in encfs fuse filesystem' from 'Cannot read alternative config files anymore' Request was from Hector Oron <zumbi@debian.org> to control@bugs.debian.org. (Fri, 18 Nov 2011 21:33:02 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 23:21:25 2014; Machine Name: buxtehude.debian.org
