#570971 ssmtp: cannot read alternative config files stored in encfs fuse filesystem

Package:
ssmtp
Source:
ssmtp
Description:
extremely simple MTA to get mail off the system to a mail hub
Submitter:
Guido Trotter
Date:
2011-11-18 21:33:03 UTC
Severity:
important
#570971#5
Date:
2010-02-22 14:28:57 UTC
From:
To:
Hi,

The recent change to install ssmtp sgid mail broke the possibility to
use the -C flag to select an alternative config file. This breaks
unrelated system configurations (e.g., my git couldn't send mail anymore).

I think -C + suid/sgid is disabled for security reasons, and considering
I've been keeping my passwords secure by putting them in separate files
and calling ssmtp with -C (which means I can also use different
mailhubs) this broke my setup. Removing the sgid bit fixed the problem.

Please install the /etc config file as readable by anybody, and revert
the sgid fix (so that #567906 is not broken again) and then add a
comment there explaining how to change it that way if one wants, and the
-C option as well, and that it's otherwise insecure to put passwords
there. Then the sgid change can be reverted.

Thanks

#570971#10
Date:
2010-03-14 10:08:46 UTC
From:
To:
tags 570971 + moreinfo unreproducible - patch
thanks

Hi Guido, (hi Anibal),

The -C option works for me with 2.64-3 + patch from #572154:

# cp /etc/ssmtp/ssmtp.conf /etc/ssmtp/ssmtp-1.conf
# vi /etc/ssmtp/ssmtp.conf (change mailhub to invaild place)

Create a test file containing:
----------------------
To:ajqlee@debian.org
Subject: Test

This is a test mail.
----------------------

# ssmtp -t < test
ssmtp: Cannot open invaild:25

# ssmtp -C/etc/ssmtp/ssmtp-1.conf -t < test

Then I got the mail.

Hello from Thailand Mini-DebCamp 2010 BSP:
http://wiki.debian.org/DebianThailand/MiniDebCamp2010/BSP

Cheers,

#570971#19
Date:
2010-03-18 10:31:59 UTC
From:
To:
tags 570971 + path - unreproducible moreinfo
thanks

Hi,

I think you might be trying that while running as root. What this breaks is
non-root users each having their own configuration (or more than one per user,
depending on the account).

Thanks,

Guido

(reverting the tag changes as I'm providing more info on how to reproduce it,
and the bug still contains a suggested fix)

#570971#28
Date:
2010-04-08 07:32:09 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
ssmtp, which is due to be installed in the Debian FTP archive:

ssmtp_2.64-4.debian.tar.bz2
  to main/s/ssmtp/ssmtp_2.64-4.debian.tar.bz2
ssmtp_2.64-4.dsc
  to main/s/ssmtp/ssmtp_2.64-4.dsc
ssmtp_2.64-4_amd64.deb
  to main/s/ssmtp/ssmtp_2.64-4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 570971@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <anibal@debian.org> (supplier of updated ssmtp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
Format: 1.8
Date: Thu, 08 Apr 2010 16:17:50 +1000
Source: ssmtp
Binary: ssmtp
Architecture: source amd64
Version: 2.64-4
Distribution: unstable
Urgency: low
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Anibal Monsalve Salazar <anibal@debian.org>
Description:
 ssmtp      - extremely simple MTA to get mail off the system to a mail hub
Closes: 557948 559900 560397 569003 569654 570971 572154 576535
Changes:
 ssmtp (2.64-4) unstable; urgency=low
 .
   * Set back permissions as before 2.64-1
     Closes: 570971, 572154, 559900, 557948, 560397
   * Fix pending l10n issues. Debconf translations:
     - Vietnamese (Clytie Siddall). Closes: 569003, 569654
     - Brazilian Portuguese (Jef Lui). Closes: 576535

#570971#41
Date:
2010-07-21 21:26:36 UTC
From:
To:
Hi,

I've been looking through the recent changes to the Debian ssmtp package
and this bug seems to be quite crucial.

Guido Trotter <ultrotter@debian.org> wrote:
[...]
[...]

However, I've built myself a copy of ssmtp 2.64-3 and have not been able
to reproduce this problem.  I did as follows:

cpbs@aragorn:/tmp$ dpkg-source -x ssmtp_2.64-3.dsc
cpbs@aragorn:/tmp$ cd ssmtp-2.64
cpbs@aragorn:/tmp/ssmtp-2.64$ debian/rules clean; debian/rules build
cpbs@aragorn:/tmp/ssmtp-2.64$ sudo chgrp root ssmtp; sudo chmod g+s ssmtp

then:

cpbs@aragorn:/tmp/ssmtp-2.64$ ls -l ssmtp
-rwxrwsr-x 1 cpbs root 67932 2010-07-21 20:11 ssmtp
cpbs@aragorn:/tmp/ssmtp-2.64$ echo mailhub=invalid > test.conf
cpbs@aragorn:/tmp/ssmtp-2.64$ echo test | ./ssmtp -C ./test.conf root
ssmtp: Cannot open invalid:25

...which shows that the setgid ssmtp binary is successfully parsing
test.conf.

From what Guido said in his original report, I was expecting an error
message from ssmtp when passing -C to a setgid ssmtp binary, but I do
not see that.

I was expecting to find a test somewhere in ssmtp.c which, if it
determined that ssmtp had been run setgid ("getgid() != getegid()")
and the -C option was being parsed, would die with an error message.
That would, I think, produce a behaviour matching the description in
this bug report.

My plan was to change this so that, if ssmtp was run setgid and -C was
specified, ssmtp would give up its setgid privileges ("setgid(getgid())")
before opening its config file; this would allow ssmtp to read its default
config file with elevated permissions, but also to allow users to call
it with their own private config files if required without allowing
them to use this to read files they shouldn't be able to.  This would,
I think, provide a solution to all these related bugs at once, *if*
I'm understanding this bug correctly; the description of the bug is not
specific enough to enable me to reproduce it though.

Guido, can you describe in more detail what the symptoms of this bug were?
If you can quote an error message that would help me find the code I'm
interested in.

(I don't know whether Debian keeps sources of intermediate versions
of packages for any length of time these days; I found version 2.64-3
at https://www.securehost.com/mirror/debian/pool/main/s/ssmtp/
and verified it against the checksums found at the end of
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567906.)

Thanks,
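
Added example, not part of the thread and not ssmtp's own code: a C sketch of the privilege drop proposed in the message above, applied before a `-C` config file is opened. `drop_setgid`, `read_mailhub` and the sample config are hypothetical and constructed for illustration; the sketch uses `setregid()` because, for a non-root process, `setgid(getgid())` changes only the effective group ID and leaves the saved set-group-ID in place.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Give up set-group-ID privilege for good: setregid() with a real GID
 * argument also resets the saved set-group-ID. */
static int drop_setgid(void)
{
    gid_t real = getgid();
    if (getegid() == real)
        return 0;                       /* not running setgid */
    if (setregid(real, real) != 0)
        return -1;
    return (getgid() == real && getegid() == real) ? 0 : -1;
}

/* Hypothetical helper: copy the mailhub= value from path into out.
 * user_supplied is nonzero when path came from -C. Returns -1 if the drop
 * fails, the file cannot be opened, or no mailhub line exists, so the
 * caller can stop instead of falling back to a built-in default. */
int read_mailhub(const char *path, int user_supplied, char *out, size_t len)
{
    char line[512];
    FILE *fp;
    int rc = -1;
    if (user_supplied && drop_setgid() != 0)
        return -1;                      /* never read a user path with extra gid */
    if ((fp = fopen(path, "r")) == NULL)
        return -1;
    while (rc != 0 && fgets(line, sizeof line, fp) != NULL) {
        if (strncmp(line, "mailhub=", 8) == 0) {
            line[strcspn(line, "\r\n")] = '\0';
            snprintf(out, len, "%s", line + 8);
            rc = 0;
        }
    }
    fclose(fp);
    return rc;
}

int main(void)
{
    char hub[256], path[] = "/tmp/ssmtp-demo-XXXXXX";  /* constructed sample */
    int fd = mkstemp(path);
    if (fd < 0 || write(fd, "mailhub=invalid\n", 16) != 16)
        return 1;
    close(fd);
    int rc = read_mailhub(path, 1, hub, sizeof hub);
    unlink(path);
    printf("%s\n", rc == 0 ? hub : "cannot read config");
    return rc == 0 ? 0 : 1;
}
```

Returning an error when the `-C` file cannot be read makes a failure visible, unlike the silent fallback to a default mailhub reported later in this thread.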

#570971#46
Date:
2010-08-11 15:53:38 UTC
From:
To:
On Wed, Jul 21, 2010 at 10:26:36PM +0100, Charles Briscoe-Smith wrote:

Hi Charles,

Looking better at the situation it looks like this might break because my
config file resides on an encfs fuse filesystem. If I move it to some other
place it seems to be working. Also the error is just:

sendmail: Cannot open mailhub:25

Rather than any explicit exiting.

Well, no, that didn't ever happen. No explicit exit, just dies trying its
internal default, in my case.

Debian keeps them at snapshot.debian.org. I think your proposed patch of dropping privileges if an alternate config file is used would be fine.
I'd recommend contributing it upstream, rather than in Debian, though, so we don't diverge.

Thanks,

Guido

#570971#51
Date:
2011-11-18 21:04:25 UTC
From:
To:
retitle ssmtp: cannot read alternative config files stored in encfs fuse filesystem.
tags 570971 + moreinfo - patch
severity 570971 important
thanks

Hello,

I am lowering severity based on your comments; it does not seem to be critical.

Cheers,