[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#201234: ITP: esmtp -- User configurable relay-only MTA

In article <9hl6.1tR.7@gated-at.bofh.it>, Andreas Metzler wrote:
> Hello,
> Just browsing over the diff, there is not missing much. :-)


> * debian/control:
> Depends: ${shlibs:Depends}, debconf
> As you are using dh_installdebconf you can replace "debconf" with
> ${misc:Depends}, which will insert the correct versioned Depends.
> Your Build-Depends are insufficient. Afaict you need to add flex,
> bison and libesmtp-dev.

Forgot about those.

> * Debconf.
>|Quoting esmtprc(5)
>| The options format is:
>|            keyword=value
>| The equal sign is optional and can be replaced by whitespace. The
>| value may be enclosed in simple or double quotes, in which case
>| special characters can be escaped as in normal C strings.
> If you used single-quotes you should be able to  _parse_ this file
> (*basically* just source everthing up to the first "identity" tag
> after doublechecking quoting and format) in your postinst and do proper
> configuration file handling as described in the debconf-devel manpage,
> getting rid of the ugly:
>| Template: esmtp/overwriteconfig
>| Description: Automatically overwrite configuration files?

Ok. I'll try do as suggested. Do you happen to remeber another debian
package which does that that I can refer to?

> /etc/esmtprc should not be publically readable per default.

Well this is a very tricky issue. Esmtp is not installed setuid nor will
I ever dare to - it's just a too big security. I can think of several
holes (use of popen for the MDA, the SMTP traffic dump on the log file),
so I can only imagine how many more security holes there could be,
without mentioning libESMTP which probably wasn't designed with such
issues in mind.

For local delivery it's not necessary to have setuid privileges provided
the MDA has them (the default on Debian). So my stand (included at the
esmtprc man page) is:

  "Do not set passwords on the system configuration file unless you are
  the sole user of that machine. Esmtp is not run with suid privileges
  therefore the system configuration file must be readable by everyone."

That is, the user should set the personal ~/.esmtprc with his personal
SMTP account(s) details.

So, does this mean I should add this warning to the template, or should
I remove the username/password input alltogether?


José Fonseca

Reply to: