services: opensmtpd: Fix the setgid problem for the smtpctl utility.

  • Done
  • quality assurance status badge
Details
5 participants
  • Brice Waegeneire
  • Jonathan Brielmaier
  • Christopher Baines
  • maxim.cournoyer
  • Tobias Geerinckx-Rice
Owner
unassigned
Submitted by
maxim.cournoyer
Severity
normal
M
M
maxim.cournoyer wrote on 8 Jun 2020 19:46
(name . guix-patches)(address . guix-patches@gnu.org)(name . Christopher Baines)(address . mail@cbaines.net)
87eeqpih6q.fsf@hurd.i-did-not-set--mail-host-address--so-tickle-me
Hello!

The following patches provide a mean to specify a user and group for a
setuid program, and uses that to fix a setgid permission issue in the
context of the opensmtpd service.

Christopher, you should be able to leverage this new facility to
configure the uid/gid of the sendmail program to that of the smtpq user,
like this:

Toggle snippet (6 lines)
(operating-system)
[...]
(setuid-programs (cons (list (file-append sendmail "/usr/sbin/sendmail") "smtpq")
%setuid-programs))

The smtpq user is created as part of the OpenSMTPD service definition.

Thank you,
Attachment: 0001-services-Allow-configuring-the-ownership-of-setuid-p.patch
From 01c1ab83bf6f5a8158a993de2fa0048f6d172a73 Mon Sep 17 00:00:00 2001
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date: Sun, 7 Jun 2020 23:49:25 -0400
Subject: [PATCH 2/3] services: opensmtpd: Remove unused binding.

* gnu/services/mail.scm (opensmtpd-activation): Remove unused SMTPD variable
binding.
---
gnu/services/mail.scm | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)

Toggle diff (30 lines)
diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index cfcaf4601b..7c49d99e9f 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -1665,15 +1665,14 @@ match from local for any action outbound
(define opensmtpd-activation
(match-lambda
(($ <opensmtpd-configuration> package config-file)
- (let ((smtpd (file-append package "/sbin/smtpd")))
- #~(begin
- (use-modules (guix build utils))
- ;; Create mbox and spool directories.
- (mkdir-p "/var/mail")
- (mkdir-p "/var/spool/smtpd")
- (chmod "/var/spool/smtpd" #o711)
- (mkdir-p "/var/spool/mail")
- (chmod "/var/spool/mail" #o711))))))
+ #~(begin
+ (use-modules (guix build utils))
+ ;; Create mbox and spool directories.
+ (mkdir-p "/var/mail")
+ (mkdir-p "/var/spool/smtpd")
+ (chmod "/var/spool/smtpd" #o711)
+ (mkdir-p "/var/spool/mail")
+ (chmod "/var/spool/mail" #o711)))))
(define %opensmtpd-pam-services
(list (unix-pam-service "smtpd")))
--
2.26.2
From 52a1a031e6a7c0196cf17d0bd32061d02b453df8 Mon Sep 17 00:00:00 2001
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date: Sun, 7 Jun 2020 23:52:00 -0400
Subject: [PATCH 3/3] services: opensmtpd: Fix the setgid problem for the
smtpctl utility.

The utility was complaining that it wasn't setgid to the group ID of the
"smtpq" group.

* gnu/services/mail.scm (opensmtpd-service-type): Extend the
setuid-program-service-type with the smtpctl program.
---
gnu/services/mail.scm | 7 +++++++
1 file changed, 7 insertions(+)

Toggle diff (27 lines)
diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index 7c49d99e9f..96efbd951d 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -1662,6 +1662,11 @@ match from local for any action outbound
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin")))))
+(define (opensmtpd-setuid-programs opensmtpd-configuration)
+ (let ((smtpctl (file-append (opensmtpd-configuration-package
+ opensmtpd-configuration) "/sbin/smtpctl")))
+ (list (list smtpctl "smtpq"))))
+
(define opensmtpd-activation
(match-lambda
(($ <opensmtpd-configuration> package config-file)
@@ -1683,6 +1688,8 @@ match from local for any action outbound
(extensions
(list (service-extension account-service-type
(const %opensmtpd-accounts))
+ (service-extension setuid-program-service-type
+ opensmtpd-setuid-programs)
(service-extension activation-service-type
opensmtpd-activation)
(service-extension pam-root-service-type
--
2.26.2
Maxim
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEJ9WGpPiQCFQyn/CfEmDkZILmNWIFAl7eeX0ACgkQEmDkZILm
NWJXDg/+JGbUaMn8GMdk4Ek1ZJSsZusQWvzXR+ie82wLZ51LtpuAmNmtFeYiODe7
UYMVZGXTLhRqhwxdEoQUE6+i1H1Y3qj9D8nl6223/ZU63czuFb7JiQ6QmeU6KGao
Un/yVZyERznxeUUvqZQlH3oPLQglvc1K2w+zcAhdcCf2GJjJjkGoOrvI5hQ/sueh
/E8GG71FqGPMT3MRaHc7G4T1GDAXFlHK9YmLwFzRLPnEAQMVlMidw8EgKd7g1ZWT
tE+1iQbyrNpodDHUDTotWUtFxKmyFovm3ct3K3xFs3Ao6EwVZfJqNvNJlx7O6IiH
Nat8Z5H0zZ6MwCiEJToetZfNSG+rRX0jpGwDRDBx6hwXxCEslHUGbyBGyZlQQuji
PYYpqWzQYAzpv8ijnsIYYFoowopABGfvZlWTtXBgLyNETgli1pQTxT5H/a8Tkm7t
ySDI9+2nPnJilirnTUFynspUWL0oYzJExi5ZLnt1yNU9mwmFTKecM2mx5q6wjXBY
erTN+2JwfW7X2Nrb8JNJKHoDBUJpGmj8lvIZoTcB4B46vkDzCcC497fpFaGAuh3f
kO6TC+NABNncXRGTsaf5rIS7HwIFBZkfmrNTaEX4AwFzzo8D7RZ3q8kW/m9LgEzR
zvyW3CVQBoKiqyoPoxTum0Bsw7FG8YrhWoj7ECdQwzHY7qj5OJs=
=FFdP
-----END PGP SIGNATURE-----

C
C
Christopher Baines wrote on 11 Jun 2020 21:20
(address . maxim.cournoyer@gmail.com)(address . 41763@debbugs.gnu.org)
87v9jx8l5l.fsf@cbaines.net
maxim.cournoyer@gmail.com writes:

Toggle quote (22 lines)
> The following patches provide a mean to specify a user and group for a
> setuid program, and uses that to fix a setgid permission issue in the
> context of the opensmtpd service.
>
> Christopher, you should be able to leverage this new facility to
> configure the uid/gid of the sendmail program to that of the smtpq user,
> like this:
>
> --8<---------------cut here---------------start------------->8---
> (operating-system)
> [...]
> (setuid-programs (cons (list (file-append sendmail "/usr/sbin/sendmail") "smtpq")
> %setuid-programs))
> --8<---------------cut here---------------end--------------->8---
>
> The smtpq user is created as part of the OpenSMTPD service definition.
>
> Thank you,
>
>
> Maxim

Well, thank you for looking in to this Maxim. I've had a brief look
through the patches, although I don't know enough about this area to
comment properly on them.

I wonder if it's worth using a record type to make it possible to pass
the user and group values to the service. That would probably result in
more readable configuration than just using a list of varying length.

Specifically on the diff:

- (list #$@programs))))))
+ (quote (#$@programs)))))))

This change here will mean that you can't pass some values in, as they
won't be evaluated. #~(string-append sendmail "/usr/sbin/sendmail")
would no longer work for example.

Thanks again,

Chris
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAl7ig+ZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE
9XfQ5w//TdCjyIV7Il7qPxVxVkms4DPVxiCBM7owp8+Pd7alvSs1RucW/ItAJFGJ
cqiOpK52A9TOQ6Nn5RgWvKR9F4LVQ/kg8kLEWsTtjAetoQU5fv5MnraN8q7Jkeej
PZtFj1h5HoBbVVxPSNcMVsX/l2WwrLZ0GzdNDYTH5PPovlMFSL1Vr1CEe8mvDAnL
LJ8znjXz149b9DS+aqWx+SOFyR3e+6cNdyfVIe0tFlum+QjIUXt+9iCr1RVc2WJB
QKPPCabnzyVuSz8p7pQHoUlxgO+9hDmoZKPVeZQ4NuzBLqZ4Jqzyc+2ydg8nKcBJ
58GcTmZUrd/QmSpzZpJWw6ljhhY0iapGeVKI+x+sHrXIepVLw3Vh50exOCvSYMit
HBJ7C4qRFmQZ/I+9CuyHHdCJGWftre0s0nQf8jaEkRoFeuI2uOqQKP3O2TsQKlRN
j1wZy8zRxT1XIITtyl8r7s3/LANUCj6PSXvOrKAeWuBT8CuHxXjekywuIHw1fU2X
Xp8SVuC8hVsoFisR6N+zJrg7EkPolyQsjw5a3TIxW1/aVuMXvro8ptVsika6bExJ
j/vGYHT7jtmdQoKNNTPfkPYyvPnSAFjUx/V273uaH1Z802Bm398qqwVEwr8V9Qf4
9JOCiJ48svqO5zrrjJuoajLjo7/v/X1bdUNL8C0qg5B8YweeEY8=
=5aP7
-----END PGP SIGNATURE-----

B
B
Brice Waegeneire wrote on 15 Jun 2020 17:12
Re: [bug#41763] services: opensmtpd: Fix the setgid problem for the smtpctl utility.
(address . maxim.cournoyer@gmail.com)
87d060747r.fsf@waegenei.re
Hello Maxim,

Thank you for the patchset!

maxim.cournoyer@gmail.com writes:

Toggle quote (4 lines)
> The following patches provide a mean to specify a user and group for a
> setuid program, and uses that to fix a setgid permission issue in the
> context of the opensmtpd service.

I applied it to try to use wireshark as non-root[0]:

Toggle snippet (7 lines)
(simple-service 'wireshark-group account-service-type
(list (user-group (name "wireshark") (system? #t))))
(simple-service 'wireshark-dumpcap setuid-program-service-type
(list (list (file-append wireshark "/bin/dumpcap")
"root" "wireshark")))

And unfortunately the first run of “guix reconfigure“ failed to make
“dumpcap“ as a setuid, but subsequent run succeeded:

Toggle snippet (7 lines)
[…]
setting up setuid programs in '/run/setuid-programs'...
warning: failed to make '/gnu/store/vdlk9rli5k5svy8p7bhf90ln03ybnxgj-wireshark-3.2.4/bin/dumpcap' setuid (root:wireshark): Success
populating /etc from /gnu/store/hxjyvg80zjaxfynjyk3jgqsn9249azmx-etc...
[…]

I guess it's because at first there wasn't a wireshark group on my
system, adding the group and the setuid program was done in the same
run, but “setting up setuid programs” is done before “populating /etc”
(comprising /etc/passwd) which in effect ended up trying to setuid
“dumpcap“ before the “wireshark“ group exists. And subsequent runs
succeeded creating a setuid “dumpcap” because the new group was already
on the system, it was created during the first run.

Populating /etc before setting up /run/setuid-programs should fix that
issue but maybe there is reason behind the current order of execution.

Toggle quote (10 lines)
> Christopher, you should be able to leverage this new facility to
> configure the uid/gid of the sendmail program to that of the smtpq user,
> like this:
>
> (operating-system)
> [...]
> (setuid-programs (cons (list (file-append sendmail "/usr/sbin/sendmail") "smtpq")
> %setuid-programs))
>

Aside from that I wonder if specifying user and group in a list is
future proof, maybe using a record would be more Guixy. In particular I
would like to be able to set capabilities (as with “setcap“) on binaries
since the store don't support it[1]; if that's even possible but it's an
other issue.


- Brice
B
B
Brice Waegeneire wrote on 5 Jul 2020 13:47
Block #41874
(address . control@debbugs.gnu.org)
9667f027e8609b9f83d0d2a6773bb8de@waegenei.re
block 41874 with 41763
J
J
Jonathan Brielmaier wrote on 3 Jan 2021 15:14
services: opensmtpd: Fix the setgid problem for the smtpctl utility.
(address . 41763@debbugs.gnu.org)
5aa8fff2-b4e6-8cba-e396-cd5c7a144fbc@web.de

What does us block from merging this? It hits me hard when using OpenSMTPD.
T
T
Tobias Geerinckx-Rice wrote on 3 Jan 2021 15:49
(address . 41763@debbugs.gnu.org)
87lfda5b3e.fsf@nckx
Jonathan Brielmaier ???
Toggle quote (2 lines)
> What does us block from merging this?

Reading [0], Chris & Brice bring up two good points that I don't
see addressed: using a record instead of a list & not breaking
gexps, although fixing one would probably moot the other.

Kind regards,

T G-R

-----BEGIN PGP SIGNATURE-----

iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCX/HZlQ0cbWVAdG9iaWFz
LmdyAAoJEA2w/4hPVW15NHIBAKrJR1+Baz9JB8K2wvHNLBnwHH1XIuMG//rWiOZa
3OuVAP9CsnxR5Ta1t19pyjXrdhMzidBhPea8LdaoaNB5SF+PAA==
=LZhz
-----END PGP SIGNATURE-----

M
M
Maxim Cournoyer wrote on 16 Jul 2021 06:24
Re: bug#41763: services: opensmtpd: Fix the setgid problem for the smtpctl utility.
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)
874kcunawx.fsf_-_@gmail.com
Hello,

Tobias Geerinckx-Rice <me@tobias.gr> writes:

Toggle quote (13 lines)
> Jonathan Brielmaier ???
>> What does us block from merging this?
>
> Reading [0], Chris & Brice bring up two good points that I don't see
> addressed: using a record instead of a list & not breaking gexps,
> although fixing one would probably moot the other.
>
> Kind regards,
>
> T G-R
>
> [0]: http://issues.guix.gnu.org/41763


Thanks,

Maxim
Closed
T
T
Tobias Geerinckx-Rice wrote on 16 Jul 2021 07:37
(address . 41763@debbugs.gnu.org)
e7296590fd5ed6676150904fe2a297ab@tobias.gr
Toggle quote (2 lines)
Yes please. Thanks.

T G-R

Sent from a Web browser. Excuse or enjoy my brevity.
?