Hello
On 2021-06-19 9:52 a.m., nodiscc wrote:
I found 4 msmtp repositories on salsa.debian.org, is it this one?
https://salsa.debian.org/kolter/msmtp
Yes, ^ that's the one. Thanks
Simon
Hi,
I recently switched from the old, world-readable /etc/msmtprc file, to
root:msmtp ownership+sgid bit
After quickly reading this bug report I think the best solution is to
warn about this limitation in the docs (and maybe changelog).
> ...
> # chmod 0640 /etc/msmtprc
> # chgrp msmtp
On 2021-02-17 8:30 p.m., Simon McVittie wrote:
On Wed, 17 Feb 2021 at 18:01:26 -0500, Simon Deziel wrote:
1) you are worried that since msmtp wasn't written with setgid in mind,
there's a risk of someone elevating their privileges to $USER:msmtp to
execute code
=> Doesn't that just give you
On Wed, 17 Feb 2021 at 18:01:26 -0500, Simon Deziel wrote:
> 1) you are worried that since msmtp wasn't written with setgid in mind,
> there's a risk of someone elevating their privileges to $USER:msmtp to
> execute code
>
> => Doesn't that just give you read access to /etc/msmtprc?
I don't
On 2021-02-03 7:26 a.m., Simon McVittie wrote:
On Tue, 05 Nov 2019 at 10:02:23 -0500, Simon Deziel wrote:
On 2019-11-05 9:29 a.m., Jakub Wilk wrote:
If /etc/msmtprc is readable by group msmtp (as suggested in
README.Debian), any user can acquire password from that file
Nice catch! Having
On Wed, 3 Feb 2021 12:26:23 + Simon McVittie
wrote:
> For now, GLib upstream has partially reverted that change, weakening
the
> security hardening in order to fix the regression, and I'm going to
do
> the same in Debian. This should stop msmtp from regressing in terms
of
> which features
On Tue, 05 Nov 2019 at 10:02:23 -0500, Simon Deziel wrote:
> On 2019-11-05 9:29 a.m., Jakub Wilk wrote:
> > If /etc/msmtprc is readable by group msmtp (as suggested in
> > README.Debian), any user can acquire password from that file
>
> Nice catch! Having /etc/msmtprc group readable is AFAIK, a
Hi Jakub,
On 2019-11-05 9:29 a.m., Jakub Wilk wrote:
> Package: msmtp
> Version: 1.8.6-1
> Tags: security
>
> If /etc/msmtprc is readable by group msmtp (as suggested in
> README.Debian), any user can acquire password from that file:
>
> $ ls -l /etc/msmtprc
> -rw-r- 1 root msmtp 86 Nov
On 2019-11-05 3:30 p.m., Jakub Wilk wrote:
> * Simon Deziel , 2019-11-05, 10:02:
>> Having /etc/msmtprc group readable is AFAIK, a "debianism".
>
> This is my understanding, too.
>
>> I don't know if upstream endorses this method of restricting access to
>> the default account's password.
>
> I
* Simon Deziel , 2019-11-05, 10:02:
Having /etc/msmtprc group readable is AFAIK, a "debianism".
This is my understanding, too.
I don't know if upstream endorses this method of restricting access to
the default account's password.
I don't belive they do.
That said, I think it would be
Package: msmtp
Version: 1.8.6-1
Tags: security
If /etc/msmtprc is readable by group msmtp (as suggested in
README.Debian), any user can acquire password from that file:
$ ls -l /etc/msmtprc
-rw-r- 1 root msmtp 86 Nov 5 15:06 /etc/msmtprc
$ cat /etc/msmtprc
cat: /etc/msmtprc:
11 matches
Mail list logo