Hi, I recently switched from the old, world-readable /etc/msmtprc file to root:msmtp ownership + sgid bit.

After quickly reading this bug report I think the best solution is to warn about this limitation in the docs (and maybe changelog).

> ...
> # chmod 0640 /etc/msmtprc
> # chgrp msmtp /etc/msmtprc
>
> And the msmtp binary can be "setgid" to execute as the "msmtp" group.
>
> CAUTION: the setgid protection mechanism can easily be worked around by
> any user with the ability to run the msmtp command, for example:
> msmtp --debug nob...@example.org < /dev/null (see Debian bug #944188)
> If the SMTP credentials need better protection, please consider a
> different MTA like exim or postfix that offer clear security
> boundaries.

I think the current sgid mechanism is still better than having the file world-readable (an attacker must be able to execute arbitrary commands instead of just being able to read world-readable files).

The sgid bit itself can also probably be abused (because the program is not written in a safe/paranoid way) to run arbitrary commands as effective group id msmtp, but as far as I know the only special privilege for this group in a standard install is to, well, read /etc/msmtprc.

I'd like to send a patch for the documentation, but where is the Debian package source? I found 4 msmtp repositories on salsa.debian.org, is it this one? https://salsa.debian.org/kolter/msmtp

Thanks
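An added audit script, not part of the bug report or the msmtp package, that checks whether the root:msmtp + setgid scheme quoted above is actually in place on a host (the file is 0640 or stricter and owned by root:msmtp, and the binary is setgid to that group). It assumes GNU coreutils stat(1); the /usr/bin/msmtp path in the usage comment is an assumption.

```shell
# Added example (not from the bug report): audit the /etc/msmtprc protection scheme.
# Assumes GNU coreutils stat(1) (Linux).

# check_msmtprc_perms FILE OWNER GROUP
# Returns 0 when FILE is owned by OWNER:GROUP and its mode is 0640 or stricter
# (nothing for "other", no write for group); prints the reason and returns 1 otherwise.
check_msmtprc_perms() {
    file=$1 want_owner=$2 want_group=$3
    [ -f "$file" ] || { echo "$file: missing" >&2; return 1; }
    set -- $(stat -c '%a %U %G' "$file")   # e.g. "640 root msmtp"
    perm=$1 owner=$2 group=$3
    [ "$owner" = "$want_owner" ] || { echo "$file: owner $owner, want $want_owner" >&2; return 1; }
    [ "$group" = "$want_group" ] || { echo "$file: group $group, want $want_group" >&2; return 1; }
    # 0$perm forces octal; mask 027 = group-write bit plus all "other" bits
    [ $(( 0$perm & 027 )) -eq 0 ] || { echo "$file: mode $perm too permissive" >&2; return 1; }
    return 0
}

# check_msmtp_setgid BINARY GROUP
# Returns 0 when BINARY carries the setgid bit and belongs to GROUP, so it runs
# with that effective gid and can read the 0640 config; returns 1 otherwise.
check_msmtp_setgid() {
    bin=$1 want_group=$2
    [ -f "$bin" ] || { echo "$bin: missing" >&2; return 1; }
    [ -g "$bin" ] || { echo "$bin: setgid bit not set" >&2; return 1; }
    group=$(stat -c '%G' "$bin")
    [ "$group" = "$want_group" ] || { echo "$bin: group $group, want $want_group" >&2; return 1; }
    return 0
}

# Usage on a Debian host (binary path is an assumption):
#   check_msmtprc_perms /etc/msmtprc root msmtp && check_msmtp_setgid /usr/bin/msmtp msmtp
```

Passing both checks only confirms the scheme is configured as documented; it does not change the limitation the quoted CAUTION describes.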