sendEmail-1.56-1

sendEmail-1.56-1

[Bob Brewer]

[-- Attachment #1: Type: text/plain, Size: 881 bytes --]

I installed the sendEmail addon with pakfire which installs 
/usr/local/bin/sendEmail OK but I think it has incorrect owners and 
permissions.

As installed it has:
-rwxr-xr-x 1   503 tape   80215 Dec  6  2012 sendEmail

which I think should be:
-rwsr-x--- 1 root  nobody 80215 Dec  6  2012 sendEmail

This patch to lfs/sendEmail should correct it

diff -u lfs/sendEmail lfs/sendEmail.1 
--- lfs/sendEmail       2019-01-20 10:07:56.128391962 +0000
+++ lfs/sendEmail.1     2019-02-02 18:08:58.823295469 +0000
@@ -63,7 +63,8 @@
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
        cd $(DIR_APP) && cp -pvf sendEmail /usr/local/bin
-       chmod 755 /usr/local/bin/sendEmail
+       chown root.nobody /usr/local/bin/sendEmail
+       chmod 04750 /usr/local/bin/sendEmail
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)
 
HTH

Rob

Re: sendEmail-1.56-1

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 1337 bytes --]

Hi,

Thanks for sending the patch.

I agree that 503.tape is incorrect, but would say that sendEmail should be owned by root.root and have 755 as permissions.

Why does the script need to become root when it is being executed by nobody? I think that is a security risk.

-Michael

> On 2 Feb 2019, at 18:47, Bob Brewer <ipfire-devel(a)grantura.co.uk> wrote:
> 
> I installed the sendEmail addon with pakfire which installs 
> /usr/local/bin/sendEmail OK but I think it has incorrect owners and 
> permissions.
> 
> As installed it has:
> -rwxr-xr-x 1   503 tape   80215 Dec  6  2012 sendEmail
> 
> which I think should be:
> -rwsr-x--- 1 root  nobody 80215 Dec  6  2012 sendEmail
> 
> This patch to lfs/sendEmail should correct it
> 
> diff -u lfs/sendEmail lfs/sendEmail.1 
> --- lfs/sendEmail       2019-01-20 10:07:56.128391962 +0000
> +++ lfs/sendEmail.1     2019-02-02 18:08:58.823295469 +0000
> @@ -63,7 +63,8 @@
>        @$(PREBUILD)
>        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
>        cd $(DIR_APP) && cp -pvf sendEmail /usr/local/bin
> -       chmod 755 /usr/local/bin/sendEmail
> +       chown root.nobody /usr/local/bin/sendEmail
> +       chmod 04750 /usr/local/bin/sendEmail
>        @rm -rf $(DIR_APP)
>        @$(POSTBUILD)
> 
> HTH
> 
> Rob
> 

Re: sendEmail-1.56-1

[Rob Brewer]

[-- Attachment #1: Type: text/plain, Size: 734 bytes --]

Hi Michael

Michael Tremer wrote:

> Hi,
> 
> Thanks for sending the patch.
> 
> I agree that 503.tape is incorrect, but would say that sendEmail should be
> owned by root.root and have 755 as permissions.
> 
> Why does the script need to become root when it is being executed by
> nobody? I think that is a security risk.
> 
Because those were the owners and permissions with sendEmail in IPCop and I 
have an IPCop addon that uses sendEmail to send my firewall logs to Dshield. 
I dont think a group ID of nobody is essential for this addon though.

The addon based on the IPCop logsend addon been running for the last few 
months on my IPFire but need a little more work before I can release it 
here.

(watch this space :) )

Rob

Re: sendEmail-1.56-1

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 1249 bytes --]

Hi,

> On 6 Feb 2019, at 21:35, Rob Brewer <ipfire-devel(a)grantura.co.uk> wrote:
> 
> Hi Michael
> 
> Michael Tremer wrote:
> 
>> Hi,
>> 
>> Thanks for sending the patch.
>> 
>> I agree that 503.tape is incorrect, but would say that sendEmail should be
>> owned by root.root and have 755 as permissions.
>> 
>> Why does the script need to become root when it is being executed by
>> nobody? I think that is a security risk.
>> 
> Because those were the owners and permissions with sendEmail in IPCop and I 
> have an IPCop addon that uses sendEmail to send my firewall logs to Dshield. 
> I dont think a group ID of nobody is essential for this addon though.

No. Please change the patch accordingly and submit again.

Regarding the IPCop add-on: Please do not use sendEmail. It does not do the job.

We have dma, a small mail agent that can be configured over the web-ui. It does proper bounce handling and will try to send the email again in case the first attempt failed. sendEmail doesn’t do that.

> The addon based on the IPCop logsend addon been running for the last few 
> months on my IPFire but need a little more work before I can release it 
> here.
> 
> (watch this space :) )
> 
> Rob

-Michael

Re: sendEmail-1.56-1

[Rob Brewer]

[-- Attachment #1: Type: text/plain, Size: 1824 bytes --]

Hi Michael

Michael Tremer wrote:


> No. Please change the patch accordingly and submit again.
> 

Updated.....

--- lfs/sendEmail       2019-02-03 09:52:33.517456033 +0000
+++ lfs/sendEmail.2     2019-02-10 16:21:30.662927661 +0000
@@ -63,8 +63,8 @@
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
        cd $(DIR_APP) && cp -pvf sendEmail /usr/local/bin
-       chown root.nobody /usr/local/bin/sendEmail
-       chmod 04750 /usr/local/bin/sendEmail
+       chown root.root /usr/local/bin/sendEmail
+       chmod 755 /usr/local/bin/sendEmail
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)
 

> Regarding the IPCop add-on: Please do not use sendEmail. It does not do
> the job.
>
Unfortunately the logsend addon was built around sendEmail with lots of
bash scripts and since as it is available as an IPFire addon it would seem
to make sense to use it to minimize to the changes required. 
 
> We have dma, a small mail agent that can be configured over the web-ui. It
> does proper bounce handling and will try to send the email again in case
> the first attempt failed. sendEmail doesn’t do that.

I did look at dma and did consider it as an alternative mta but I could not find
any  documentation on how to interface with IPFire's dma for sending emails. I will 
look again if someone can point me to  something about dma I have overlooked.

I relay sendEmail through my own mail server (sendmail) so I don't have bounce
problems and would expect users who don't have their own mta to use their ISPs 
server to handle any bounce problems.

I can say that I haven't had any problems with sendEmail sending logs to Dshield
over the last 14 years even though the data has increased ~50 times since then.


Rob

 

Re: sendEmail-1.56-1

[Rob Brewer]

[-- Attachment #1: Type: text/plain, Size: 1167 bytes --]

Hi Michael,

Rob Brewer wrote:

>> No. Please change the patch accordingly and submit again.
>>
> 
> Updated.....
> 
> --- lfs/sendEmail       2019-02-03 09:52:33.517456033 +0000
> +++ lfs/sendEmail.2     2019-02-10 16:21:30.662927661 +0000
> @@ -63,8 +63,8 @@
> @$(PREBUILD)
> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
> cd $(DIR_APP) && cp -pvf sendEmail /usr/local/bin
> -       chown root.nobody /usr/local/bin/sendEmail
> -       chmod 04750 /usr/local/bin/sendEmail
> +       chown root.root /usr/local/bin/sendEmail
> +       chmod 755 /usr/local/bin/sendEmail
> @rm -rf $(DIR_APP)
> @$(POSTBUILD)

Sorry the above is wrong. It is a diff from my modified sendEmail

To patch the original use:

--- lfs/sendEmail       2019-02-10 21:49:48.392705266 +0000
+++ lfs/sendEmail.2     2019-02-10 16:21:30.662927661 +0000
@@ -63,6 +63,7 @@
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
        cd $(DIR_APP) && cp -pvf sendEmail /usr/local/bin
+       chown root.root /usr/local/bin/sendEmail
        chmod 755 /usr/local/bin/sendEmail
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)


Rob

Re: sendEmail-1.56-1

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 1495 bytes --]

Hello Rob,

Would you re-submit this patch with “git send-email” so that Patchwork can pick it up and it can be merged?

Best,
-Michael

> On 10 Feb 2019, at 22:00, Rob Brewer <ipfire-devel(a)grantura.co.uk> wrote:
> 
> Hi Michael,
> 
> Rob Brewer wrote:
> 
>>> No. Please change the patch accordingly and submit again.
>>> 
>> 
>> Updated.....
>> 
>> --- lfs/sendEmail       2019-02-03 09:52:33.517456033 +0000
>> +++ lfs/sendEmail.2     2019-02-10 16:21:30.662927661 +0000
>> @@ -63,8 +63,8 @@
>> @$(PREBUILD)
>> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
>> cd $(DIR_APP) && cp -pvf sendEmail /usr/local/bin
>> -       chown root.nobody /usr/local/bin/sendEmail
>> -       chmod 04750 /usr/local/bin/sendEmail
>> +       chown root.root /usr/local/bin/sendEmail
>> +       chmod 755 /usr/local/bin/sendEmail
>> @rm -rf $(DIR_APP)
>> @$(POSTBUILD)
> 
> Sorry the above is wrong. It is a diff from my modified sendEmail
> 
> To patch the original use:
> 
> --- lfs/sendEmail       2019-02-10 21:49:48.392705266 +0000
> +++ lfs/sendEmail.2     2019-02-10 16:21:30.662927661 +0000
> @@ -63,6 +63,7 @@
>        @$(PREBUILD)
>        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
>        cd $(DIR_APP) && cp -pvf sendEmail /usr/local/bin
> +       chown root.root /usr/local/bin/sendEmail
>        chmod 755 /usr/local/bin/sendEmail
>        @rm -rf $(DIR_APP)
>        @$(POSTBUILD)
> 
> 
> Rob

[PATCH] sendEmail

[Rob Brewer]

[-- Attachment #1: Type: text/plain, Size: 732 bytes --]

Michael Tremer wrote:

> Would you re-submit this patch with “git send-email” so that Patchwork can
> pick it up and it can be merged?
> 
I'm still getting my head around git. Hopefully this is what is needed.

HTH

Rob


diff --git a/lfs/sendEmail b/lfs/sendEmail
index 28646ef93..cc9f67aaa 100644
--- a/lfs/sendEmail
+++ b/lfs/sendEmail
@@ -63,6 +63,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
        cd $(DIR_APP) && cp -pvf sendEmail /usr/local/bin
+       chown root.root /usr/local/bin/sendEmail
        chmod 755 /usr/local/bin/sendEmail
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)

Re: [PATCH] sendEmail

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 1211 bytes --]

Hello,

Yes, this is almost it.

Two minor things (I fixed both of them for you):

* If you change an add-on, please increase PAK_VER. That way, pakfire knows that this package has changed.

* You used spaces instead of tabs for the indentation of the added line. GNU Make only supports tabs.

I merged the patch though.

Best,
-Michael

> On 13 Feb 2019, at 22:49, Rob Brewer <ipfire-devel(a)grantura.co.uk> wrote:
> 
> Michael Tremer wrote:
> 
>> Would you re-submit this patch with “git send-email” so that Patchwork can
>> pick it up and it can be merged?
>> 
> I'm still getting my head around git. Hopefully this is what is needed.
> 
> HTH
> 
> Rob
> 
> 
> diff --git a/lfs/sendEmail b/lfs/sendEmail
> index 28646ef93..cc9f67aaa 100644
> --- a/lfs/sendEmail
> +++ b/lfs/sendEmail
> @@ -63,6 +63,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>        @$(PREBUILD)
>        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
>        cd $(DIR_APP) && cp -pvf sendEmail /usr/local/bin
> +       chown root.root /usr/local/bin/sendEmail
>        chmod 755 /usr/local/bin/sendEmail
>        @rm -rf $(DIR_APP)
>        @$(POSTBUILD)
>