diff mbox series

sendEmail-1.56-1

Message ID	q34ojn$jm5$1@tuscan3.grantura.co.uk
State	Dropped
Headers	To: development@lists.ipfire.org From: Bob Brewer <ipfire-devel@grantura.co.uk> Newsgroups: grantura.local.ipfire-devel Subject: sendEmail-1.56-1 Date: Sat, 02 Feb 2019 18:47:19 +0000 Organization: Megadodo Publications Lines: 28 Message-ID: <q34ojn$jm5$1@tuscan3.grantura.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 7Bit User-Agent: KNode/4.14.10 ipnet: 217.169.0.0/19(-3.87), asn: 20712(-3.10), country: GB(-0.06)]; BAYES_HAM(-3.00)[100.00%]; DMARC_NA(0.00)[grantura.co.uk]; NEURAL_HAM(-2.06)[-0.688,0]; R_SPF_NA(0.00)[]; FORGED_SENDER(0.30)[ipfire-devel@grantura.co.uk,news@tuscan3.grantura.co.uk]; R_DKIM_NA(0.00)[]; CTE_CASE(0.50)[]; ASN(0.00)[asn:20712, ipnet:217.169.0.0/19, country:GB]; FROM_NEQ_ENVFROM(0.00)[ipfire-devel@grantura.co.uk,news@tuscan3.grantura.co.uk]; RCVD_TLS_LAST(0.00)[] Precedence: list Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org>
Series	sendEmail-1.56-1 \| sendEmail-1.56-1

Commit Message

Rob Brewer Feb. 3, 2019, 5:47 a.m. UTC

  I installed the sendEmail addon with pakfire which installs 
/usr/local/bin/sendEmail OK but I think it has incorrect owners and 
permissions.

As installed it has:
-rwxr-xr-x 1   503 tape   80215 Dec  6  2012 sendEmail

which I think should be:
-rwsr-x--- 1 root  nobody 80215 Dec  6  2012 sendEmail

This patch to lfs/sendEmail should correct it

HTH

Rob

Comments

Michael Tremer Feb. 6, 2019, 10:13 p.m. UTC | #1

Hi,

Thanks for sending the patch.

I agree that 503.tape is incorrect, but would say that sendEmail should be owned by root.root and have 755 as permissions.

Why does the script need to become root when it is being executed by nobody? I think that is a security risk.

-Michael

> On 2 Feb 2019, at 18:47, Bob Brewer <ipfire-devel@grantura.co.uk> wrote:
> 
> I installed the sendEmail addon with pakfire which installs 
> /usr/local/bin/sendEmail OK but I think it has incorrect owners and 
> permissions.
> 
> As installed it has:
> -rwxr-xr-x 1   503 tape   80215 Dec  6  2012 sendEmail
> 
> which I think should be:
> -rwsr-x--- 1 root  nobody 80215 Dec  6  2012 sendEmail
> 
> This patch to lfs/sendEmail should correct it
> 
> diff -u lfs/sendEmail lfs/sendEmail.1 
> --- lfs/sendEmail       2019-01-20 10:07:56.128391962 +0000
> +++ lfs/sendEmail.1     2019-02-02 18:08:58.823295469 +0000
> @@ -63,7 +63,8 @@
>        @$(PREBUILD)
>        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
>        cd $(DIR_APP) && cp -pvf sendEmail /usr/local/bin
> -       chmod 755 /usr/local/bin/sendEmail
> +       chown root.nobody /usr/local/bin/sendEmail
> +       chmod 04750 /usr/local/bin/sendEmail
>        @rm -rf $(DIR_APP)
>        @$(POSTBUILD)
> 
> HTH
> 
> Rob
>

diff mbox series

Patch

diff -u lfs/sendEmail lfs/sendEmail.1 
--- lfs/sendEmail       2019-01-20 10:07:56.128391962 +0000
+++ lfs/sendEmail.1     2019-02-02 18:08:58.823295469 +0000
@@ -63,7 +63,8 @@ 
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
        cd $(DIR_APP) && cp -pvf sendEmail /usr/local/bin
-       chmod 755 /usr/local/bin/sendEmail
+       chown root.nobody /usr/local/bin/sendEmail
+       chmod 04750 /usr/local/bin/sendEmail
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)