services: opensmtpd: Fix the setgid problem for the smtpctl utility.

  • Done
  • quality assurance status badge
Details
5 participants
  • Brice Waegeneire
  • Jonathan Brielmaier
  • Christopher Baines
  • maxim.cournoyer
  • Tobias Geerinckx-Rice
Owner
unassigned
Submitted by
maxim.cournoyer
Severity
normal
M
M
maxim.cournoyer wrote on 8 Jun 2020 19:46
(name . guix-patches)(address . guix-patches@gnu.org)(name . Christopher Baines)(address . mail@cbaines.net)
87eeqpih6q.fsf@hurd.i-did-not-set--mail-host-address--so-tickle-me
Hello!

The following patches provide a mean to specify a user and group for a
setuid program, and uses that to fix a setgid permission issue in the
context of the opensmtpd service.

Christopher, you should be able to leverage this new facility to
configure the uid/gid of the sendmail program to that of the smtpq user,
like this:

Toggle snippet (6 lines)
(operating-system)
[...]
(setuid-programs (cons (list (file-append sendmail "/usr/sbin/sendmail") "smtpq")
%setuid-programs))

The smtpq user is created as part of the OpenSMTPD service definition.

Thank you,
Attachment: 0001-services-Allow-configuring-the-ownership-of-setuid-p.patch
From 01c1ab83bf6f5a8158a993de2fa0048f6d172a73 Mon Sep 17 00:00:00 2001
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date: Sun, 7 Jun 2020 23:49:25 -0400
Subject: [PATCH 2/3] services: opensmtpd: Remove unused binding.

* gnu/services/mail.scm (opensmtpd-activation): Remove unused SMTPD variable
binding.
---
gnu/services/mail.scm | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)

Toggle diff (30 lines)
diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index cfcaf4601b..7c49d99e9f 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -1665,15 +1665,14 @@ match from local for any action outbound
(define opensmtpd-activation
(match-lambda
(($ <opensmtpd-configuration> package config-file)
- (let ((smtpd (file-append package "/sbin/smtpd")))
- #~(begin
- (use-modules (guix build utils))
- ;; Create mbox and spool directories.
- (mkdir-p "/var/mail")
- (mkdir-p "/var/spool/smtpd")
- (chmod "/var/spool/smtpd" #o711)
- (mkdir-p "/var/spool/mail")
- (chmod "/var/spool/mail" #o711))))))
+ #~(begin
+ (use-modules (guix build utils))
+ ;; Create mbox and spool directories.
+ (mkdir-p "/var/mail")
+ (mkdir-p "/var/spool/smtpd")
+ (chmod "/var/spool/smtpd" #o711)
+ (mkdir-p "/var/spool/mail")
+ (chmod "/var/spool/mail" #o711)))))
(define %opensmtpd-pam-services
(list (unix-pam-service "smtpd")))
--
2.26.2
From 52a1a031e6a7c0196cf17d0bd32061d02b453df8 Mon Sep 17 00:00:00 2001
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date: Sun, 7 Jun 2020 23:52:00 -0400
Subject: [PATCH 3/3] services: opensmtpd: Fix the setgid problem for the
smtpctl utility.

The utility was complaining that it wasn't setgid to the group ID of the
"smtpq" group.

* gnu/services/mail.scm (opensmtpd-service-type): Extend the
setuid-program-service-type with the smtpctl program.
---
gnu/services/mail.scm | 7 +++++++
1 file changed, 7 insertions(+)

Toggle diff (27 lines)
diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index 7c49d99e9f..96efbd951d 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -1662,6 +1662,11 @@ match from local for any action outbound
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin")))))
+(define (opensmtpd-setuid-programs opensmtpd-configuration)
+ (let ((smtpctl (file-append (opensmtpd-configuration-package
+ opensmtpd-configuration) "/sbin/smtpctl")))
+ (list (list smtpctl "smtpq"))))
+
(define opensmtpd-activation
(match-lambda
(($ <opensmtpd-configuration> package config-file)
@@ -1683,6 +1688,8 @@ match from local for any action outbound
(extensions
(list (service-extension account-service-type
(const %opensmtpd-accounts))
+ (service-extension setuid-program-service-type
+ opensmtpd-setuid-programs)
(service-extension activation-service-type
opensmtpd-activation)
(service-extension pam-root-service-type
--
2.26.2
Maxim
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEJ9WGpPiQCFQyn/CfEmDkZILmNWIFAl7eeX0ACgkQEmDkZILm
NWJXDg/+JGbUaMn8GMdk4Ek1ZJSsZusQWvzXR+ie82wLZ51LtpuAmNmtFeYiODe7
UYMVZGXTLhRqhwxdEoQUE6+i1H1Y3qj9D8nl6223/ZU63czuFb7JiQ6QmeU6KGao
Un/yVZyERznxeUUvqZQlH3oPLQglvc1K2w+zcAhdcCf2GJjJjkGoOrvI5hQ/sueh
/E8GG71FqGPMT3MRaHc7G4T1GDAXFlHK9YmLwFzRLPnEAQMVlMidw8EgKd7g1ZWT
tE+1iQbyrNpodDHUDTotWUtFxKmyFovm3ct3K3xFs3Ao6EwVZfJqNvNJlx7O6IiH
Nat8Z5H0zZ6MwCiEJToetZfNSG+rRX0jpGwDRDBx6hwXxCEslHUGbyBGyZlQQuji
PYYpqWzQYAzpv8ijnsIYYFoowopABGfvZlWTtXBgLyNETgli1pQTxT5H/a8Tkm7t
ySDI9+2nPnJilirnTUFynspUWL0oYzJExi5ZLnt1yNU9mwmFTKecM2mx5q6wjXBY
erTN+2JwfW7X2Nrb8JNJKHoDBUJpGmj8lvIZoTcB4B46vkDzCcC497fpFaGAuh3f
kO6TC+NABNncXRGTsaf5rIS7HwIFBZkfmrNTaEX4AwFzzo8D7RZ3q8kW/m9LgEzR
zvyW3CVQBoKiqyoPoxTum0Bsw7FG8YrhWoj7ECdQwzHY7qj5OJs=
=FFdP
-----END PGP SIGNATURE-----

C
C
Christopher Baines wrote on 11 Jun 2020 21:20
(address . maxim.cournoyer@gmail.com)(address . 41763@debbugs.gnu.org)
87v9jx8l5l.fsf@cbaines.net
maxim.cournoyer@gmail.com writes:

Toggle quote (22 lines)
> The following patches provide a mean to specify a user and group for a
> setuid program, and uses that to fix a setgid permission issue in the
> context of the opensmtpd service.
>
> Christopher, you should be able to leverage this new facility to
> configure the uid/gid of the sendmail program to that of the smtpq user,
> like this:
>
> --8<---------------cut here---------------start------------->8---
> (operating-system)
> [...]
> (setuid-programs (cons (list (file-append sendmail "/usr/sbin/sendmail") "smtpq")
> %setuid-programs))
> --8<---------------cut here---------------end--------------->8---
>
> The smtpq user is created as part of the OpenSMTPD service definition.
>
> Thank you,
>
>
> Maxim

Well, thank you for looking in to this Maxim. I've had a brief look
through the patches, although I don't know enough about this area to
comment properly on them.

I wonder if it's worth using a record type to make it possible to pass
the user and group values to the service. That would probably result in
more readable configuration than just using a list of varying length.

Specifically on the diff:

- (list #$@programs))))))
+ (quote (#$@programs)))))))

This change here will mean that you can't pass some values in, as they
won't be evaluated. #~(string-append sendmail "/usr/sbin/sendmail")
would no longer work for example.

Thanks again,

Chris
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAl7ig+ZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE
9XfQ5w//TdCjyIV7Il7qPxVxVkms4DPVxiCBM7owp8+Pd7alvSs1RucW/ItAJFGJ
cqiOpK52A9TOQ6Nn5RgWvKR9F4LVQ/kg8kLEWsTtjAetoQU5fv5MnraN8q7Jkeej
PZtFj1h5HoBbVVxPSNcMVsX/l2WwrLZ0GzdNDYTH5PPovlMFSL1Vr1CEe8mvDAnL
LJ8znjXz149b9DS+aqWx+SOFyR3e+6cNdyfVIe0tFlum+QjIUXt+9iCr1RVc2WJB
QKPPCabnzyVuSz8p7pQHoUlxgO+9hDmoZKPVeZQ4NuzBLqZ4Jqzyc+2ydg8nKcBJ
58GcTmZUrd/QmSpzZpJWw6ljhhY0iapGeVKI+x+sHrXIepVLw3Vh50exOCvSYMit
HBJ7C4qRFmQZ/I+9CuyHHdCJGWftre0s0nQf8jaEkRoFeuI2uOqQKP3O2TsQKlRN
j1wZy8zRxT1XIITtyl8r7s3/LANUCj6PSXvOrKAeWuBT8CuHxXjekywuIHw1fU2X
Xp8SVuC8hVsoFisR6N+zJrg7EkPolyQsjw5a3TIxW1/aVuMXvro8ptVsika6bExJ
j/vGYHT7jtmdQoKNNTPfkPYyvPnSAFjUx/V273uaH1Z802Bm398qqwVEwr8V9Qf4
9JOCiJ48svqO5zrrjJuoajLjo7/v/X1bdUNL8C0qg5B8YweeEY8=
=5aP7
-----END PGP SIGNATURE-----

B
B
Brice Waegeneire wrote on 15 Jun 2020 17:12
Re: [bug#41763] services: opensmtpd: Fix the setgid problem for the smtpctl utility.
(address . maxim.cournoyer@gmail.com)
87d060747r.fsf@waegenei.re
Hello Maxim,

Thank you for the patchset!

maxim.cournoyer@gmail.com writes:

Toggle quote (4 lines)
> The following patches provide a mean to specify a user and group for a
> setuid program, and uses that to fix a setgid permission issue in the
> context of the opensmtpd service.

I applied it to try to use wireshark as non-root[0]:

Toggle snippet (7 lines)
(simple-service 'wireshark-group account-service-type
(list (user-group (name "wireshark") (system? #t))))
(simple-service 'wireshark-dumpcap setuid-program-service-type
(list (list (file-append wireshark "/bin/dumpcap")
"root" "wireshark")))

And unfortunately the first run of “guix reconfigure“ failed to make
“dumpcap“ as a setuid, but subsequent run succeeded:

Toggle snippet (7 lines)
[…]
setting up setuid programs in '/run/setuid-programs'...
warning: failed to make '/gnu/store/vdlk9rli5k5svy8p7bhf90ln03ybnxgj-wireshark-3.2.4/bin/dumpcap' setuid (root:wireshark): Success
populating /etc from /gnu/store/hxjyvg80zjaxfynjyk3jgqsn9249azmx-etc...
[…]

I guess it's because at first there wasn't a wireshark group on my
system, adding the group and the setuid program was done in the same
run, but “setting up setuid programs” is done before “populating /etc”
(comprising /etc/passwd) which in effect ended up trying to setuid
“dumpcap“ before the “wireshark“ group exists. And subsequent runs
succeeded creating a setuid “dumpcap” because the new group was already
on the system, it was created during the first run.

Populating /etc before setting up /run/setuid-programs should fix that
issue but maybe there is reason behind the current order of execution.

Toggle quote (10 lines)
> Christopher, you should be able to leverage this new facility to
> configure the uid/gid of the sendmail program to that of the smtpq user,
> like this:
>
> (operating-system)
> [...]
> (setuid-programs (cons (list (file-append sendmail "/usr/sbin/sendmail") "smtpq")
> %setuid-programs))
>

Aside from that I wonder if specifying user and group in a list is
future proof, maybe using a record would be more Guixy. In particular I
would like to be able to set capabilities (as with “setcap“) on binaries
since the store don't support it[1]; if that's even possible but it's an
other issue.


- Brice
B
B
Brice Waegeneire wrote on 5 Jul 2020 13:47
Block #41874
(address . control@debbugs.gnu.org)
9667f027e8609b9f83d0d2a6773bb8de@waegenei.re
block 41874 with 41763
J
J
Jonathan Brielmaier wrote on 3 Jan 2021 15:14
services: opensmtpd: Fix the setgid problem for the smtpctl utility.
(address . 41763@debbugs.gnu.org)
5aa8fff2-b4e6-8cba-e396-cd5c7a144fbc@web.de

What does us block from merging this? It hits me hard when using OpenSMTPD.
T
T
Tobias Geerinckx-Rice wrote on 3 Jan 2021 15:49
(address . 41763@debbugs.gnu.org)
87lfda5b3e.fsf@nckx
Jonathan Brielmaier ???
Toggle quote (2 lines)
> What does us block from merging this?

Reading [0], Chris & Brice bring up two good points that I don't
see addressed: using a record instead of a list & not breaking
gexps, although fixing one would probably moot the other.

Kind regards,

T G-R

-----BEGIN PGP SIGNATURE-----

iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCX/HZlQ0cbWVAdG9iaWFz
LmdyAAoJEA2w/4hPVW15NHIBAKrJR1+Baz9JB8K2wvHNLBnwHH1XIuMG//rWiOZa
3OuVAP9CsnxR5Ta1t19pyjXrdhMzidBhPea8LdaoaNB5SF+PAA==
=LZhz
-----END PGP SIGNATURE-----

M
M
Maxim Cournoyer wrote on 16 Jul 2021 06:24
Re: bug#41763: services: opensmtpd: Fix the setgid problem for the smtpctl utility.
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)
874kcunawx.fsf_-_@gmail.com
Hello,

Tobias Geerinckx-Rice <me@tobias.gr> writes:

Toggle quote (13 lines)
> Jonathan Brielmaier ???
>> What does us block from merging this?
>
> Reading [0], Chris & Brice bring up two good points that I don't see
> addressed: using a record instead of a list & not breaking gexps,
> although fixing one would probably moot the other.
>
> Kind regards,
>
> T G-R
>
> [0]: http://issues.guix.gnu.org/41763


Thanks,

Maxim
Closed
T
T
Tobias Geerinckx-Rice wrote on 16 Jul 2021 07:37
(address . 41763@debbugs.gnu.org)
e7296590fd5ed6676150904fe2a297ab@tobias.gr
Toggle quote (2 lines)
Yes please. Thanks.

T G-R

Sent from a Web browser. Excuse or enjoy my brevity.
?
Your comment

This issue is archived.

To comment on this conversation send an email to 41763@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 41763
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch