Hi Sergey, On 8 October 2017 at 14:56, Bjørn Forsman <bjorn.fors...@gmail.com> wrote: > Hi Sergey, > > On 8 October 2017 at 14:39, Sergey Poznyakoff <g...@gnu.org.ua> wrote: >> Hi Bjørn, >> >>> For packaging mailutils in Nix/NixOS I/we would like to have the >>> "mail" program lookup the path to "sendmail" at runtime via the $PATH >>> environment variable. >> >> Have you considered the security implications of such a move? > > My reasoning is that as long as "mail" is not setuid root (or anything > that elevates the privileges of the user invoking it), there is no > security issue. But I'm actually not that familiar with "mail"... does > it ever get installed setuid? (Currently it doesn't on NixOS.) > > Do you see any issues?
Can you confirm whether this is an issue? I looked closer at how mailutils is built in Nixpkgs and noticed that Makefile.in/am files are patched with "s/chmod [24]755/chmod 0755/". (That's due to the multi-user (unprivileged) package manager security model of Nixpkgs/NixOS; packages are built and installed unprivileged and if a program needs setuid, a setuid wrapper program is made at the OS level, which only an admin user is allowed to set up.) Looking into which utils use setuid/gid I find: $ grep -rn "chmod.*755" mailutils-3.2/ mailutils-3.2/maidag/Makefile.in:1514: chmod 4755 $(DESTDIR)$(sbindir)/$$i;\ mailutils-3.2/maidag/Makefile.am:64: chmod 4755 $(DESTDIR)$(sbindir)/$$i;\ mailutils-3.2/dotlock/Makefile.in:1335: chmod 2755 $(DESTDIR)$(bindir)/$$i;\ mailutils-3.2/dotlock/Makefile.am:30: chmod 2755 $(DESTDIR)$(bindir)/$$i;\ So in the end, only "maidag" and "dotlock" use setuid/gid, not "mail"? Best regards, Bjørn Forsman _______________________________________________ Bug-mailutils mailing list Bug-mailutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-mailutils
