I installed the sendEmail addon with pakfire which installs /usr/local/bin/sendEmail OK but I think it has incorrect owners and permissions.
As installed it has: -rwxr-xr-x 1 503 tape 80215 Dec 6 2012 sendEmail
which I think should be: -rwsr-x--- 1 root nobody 80215 Dec 6 2012 sendEmail
This patch to lfs/sendEmail should correct it
diff -u lfs/sendEmail lfs/sendEmail.1 --- lfs/sendEmail 2019-01-20 10:07:56.128391962 +0000 +++ lfs/sendEmail.1 2019-02-02 18:08:58.823295469 +0000 @@ -63,7 +63,8 @@ @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && cp -pvf sendEmail /usr/local/bin - chmod 755 /usr/local/bin/sendEmail + chown root.nobody /usr/local/bin/sendEmail + chmod 04750 /usr/local/bin/sendEmail @rm -rf $(DIR_APP) @$(POSTBUILD)
HTH
Rob
Hi,
Thanks for sending the patch.
I agree that 503.tape is incorrect, but would say that sendEmail should be owned by root.root and have 755 as permissions.
Why does the script need to become root when it is being executed by nobody? I think that is a security risk.
-Michael
On 2 Feb 2019, at 18:47, Bob Brewer ipfire-devel@grantura.co.uk wrote:
I installed the sendEmail addon with pakfire which installs /usr/local/bin/sendEmail OK but I think it has incorrect owners and permissions.
As installed it has: -rwxr-xr-x 1 503 tape 80215 Dec 6 2012 sendEmail
which I think should be: -rwsr-x--- 1 root nobody 80215 Dec 6 2012 sendEmail
This patch to lfs/sendEmail should correct it
diff -u lfs/sendEmail lfs/sendEmail.1 --- lfs/sendEmail 2019-01-20 10:07:56.128391962 +0000 +++ lfs/sendEmail.1 2019-02-02 18:08:58.823295469 +0000 @@ -63,7 +63,8 @@ @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && cp -pvf sendEmail /usr/local/bin
chmod 755 /usr/local/bin/sendEmail
chown root.nobody /usr/local/bin/sendEmailchmod 04750 /usr/local/bin/sendEmail @rm -rf $(DIR_APP) @$(POSTBUILD)HTH
Rob
Hi Michael
Michael Tremer wrote:
Hi,
Thanks for sending the patch.
I agree that 503.tape is incorrect, but would say that sendEmail should be owned by root.root and have 755 as permissions.
Why does the script need to become root when it is being executed by nobody? I think that is a security risk.
Because those were the owners and permissions with sendEmail in IPCop and I have an IPCop addon that uses sendEmail to send my firewall logs to Dshield. I dont think a group ID of nobody is essential for this addon though.
The addon based on the IPCop logsend addon been running for the last few months on my IPFire but need a little more work before I can release it here.
(watch this space :) )
Rob
Hi,
On 6 Feb 2019, at 21:35, Rob Brewer ipfire-devel@grantura.co.uk wrote:
Hi Michael
Michael Tremer wrote:
Hi,
Thanks for sending the patch.
I agree that 503.tape is incorrect, but would say that sendEmail should be owned by root.root and have 755 as permissions.
Why does the script need to become root when it is being executed by nobody? I think that is a security risk.
Because those were the owners and permissions with sendEmail in IPCop and I have an IPCop addon that uses sendEmail to send my firewall logs to Dshield. I dont think a group ID of nobody is essential for this addon though.
No. Please change the patch accordingly and submit again.
Regarding the IPCop add-on: Please do not use sendEmail. It does not do the job.
We have dma, a small mail agent that can be configured over the web-ui. It does proper bounce handling and will try to send the email again in case the first attempt failed. sendEmail doesn’t do that.
The addon based on the IPCop logsend addon been running for the last few months on my IPFire but need a little more work before I can release it here.
(watch this space :) )
Rob
-Michael
Hi Michael
Michael Tremer wrote:
No. Please change the patch accordingly and submit again.
Updated.....
--- lfs/sendEmail 2019-02-03 09:52:33.517456033 +0000 +++ lfs/sendEmail.2 2019-02-10 16:21:30.662927661 +0000 @@ -63,8 +63,8 @@ @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && cp -pvf sendEmail /usr/local/bin - chown root.nobody /usr/local/bin/sendEmail - chmod 04750 /usr/local/bin/sendEmail + chown root.root /usr/local/bin/sendEmail + chmod 755 /usr/local/bin/sendEmail @rm -rf $(DIR_APP) @$(POSTBUILD)
Regarding the IPCop add-on: Please do not use sendEmail. It does not do the job.
Unfortunately the logsend addon was built around sendEmail with lots of bash scripts and since as it is available as an IPFire addon it would seem to make sense to use it to minimize to the changes required.
We have dma, a small mail agent that can be configured over the web-ui. It does proper bounce handling and will try to send the email again in case the first attempt failed. sendEmail doesn’t do that.
I did look at dma and did consider it as an alternative mta but I could not find any documentation on how to interface with IPFire's dma for sending emails. I will look again if someone can point me to something about dma I have overlooked.
I relay sendEmail through my own mail server (sendmail) so I don't have bounce problems and would expect users who don't have their own mta to use their ISPs server to handle any bounce problems.
I can say that I haven't had any problems with sendEmail sending logs to Dshield over the last 14 years even though the data has increased ~50 times since then.
Rob
Hi Michael,
Rob Brewer wrote:
No. Please change the patch accordingly and submit again.
Updated.....
--- lfs/sendEmail 2019-02-03 09:52:33.517456033 +0000 +++ lfs/sendEmail.2 2019-02-10 16:21:30.662927661 +0000 @@ -63,8 +63,8 @@ @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && cp -pvf sendEmail /usr/local/bin
chown root.nobody /usr/local/bin/sendEmailchmod 04750 /usr/local/bin/sendEmail
chown root.root /usr/local/bin/sendEmailchmod 755 /usr/local/bin/sendEmail@rm -rf $(DIR_APP) @$(POSTBUILD)
Sorry the above is wrong. It is a diff from my modified sendEmail
To patch the original use:
--- lfs/sendEmail 2019-02-10 21:49:48.392705266 +0000 +++ lfs/sendEmail.2 2019-02-10 16:21:30.662927661 +0000 @@ -63,6 +63,7 @@ @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && cp -pvf sendEmail /usr/local/bin + chown root.root /usr/local/bin/sendEmail chmod 755 /usr/local/bin/sendEmail @rm -rf $(DIR_APP) @$(POSTBUILD)
Rob
Hello Rob,
Would you re-submit this patch with “git send-email” so that Patchwork can pick it up and it can be merged?
Best, -Michael
On 10 Feb 2019, at 22:00, Rob Brewer ipfire-devel@grantura.co.uk wrote:
Hi Michael,
Rob Brewer wrote:
No. Please change the patch accordingly and submit again.
Updated.....
--- lfs/sendEmail 2019-02-03 09:52:33.517456033 +0000 +++ lfs/sendEmail.2 2019-02-10 16:21:30.662927661 +0000 @@ -63,8 +63,8 @@ @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && cp -pvf sendEmail /usr/local/bin
chown root.nobody /usr/local/bin/sendEmailchmod 04750 /usr/local/bin/sendEmail
chown root.root /usr/local/bin/sendEmailchmod 755 /usr/local/bin/sendEmail@rm -rf $(DIR_APP) @$(POSTBUILD)
Sorry the above is wrong. It is a diff from my modified sendEmail
To patch the original use:
--- lfs/sendEmail 2019-02-10 21:49:48.392705266 +0000 +++ lfs/sendEmail.2 2019-02-10 16:21:30.662927661 +0000 @@ -63,6 +63,7 @@ @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && cp -pvf sendEmail /usr/local/bin
chown root.root /usr/local/bin/sendEmail chmod 755 /usr/local/bin/sendEmail @rm -rf $(DIR_APP) @$(POSTBUILD)Rob
Michael Tremer wrote:
Would you re-submit this patch with “git send-email” so that Patchwork can pick it up and it can be merged?
I'm still getting my head around git. Hopefully this is what is needed.
HTH
Rob
diff --git a/lfs/sendEmail b/lfs/sendEmail index 28646ef93..cc9f67aaa 100644 --- a/lfs/sendEmail +++ b/lfs/sendEmail @@ -63,6 +63,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && cp -pvf sendEmail /usr/local/bin + chown root.root /usr/local/bin/sendEmail chmod 755 /usr/local/bin/sendEmail @rm -rf $(DIR_APP) @$(POSTBUILD)
Hello,
Yes, this is almost it.
Two minor things (I fixed both of them for you):
* If you change an add-on, please increase PAK_VER. That way, pakfire knows that this package has changed.
* You used spaces instead of tabs for the indentation of the added line. GNU Make only supports tabs.
I merged the patch though.
Best, -Michael
On 13 Feb 2019, at 22:49, Rob Brewer ipfire-devel@grantura.co.uk wrote:
Michael Tremer wrote:
Would you re-submit this patch with “git send-email” so that Patchwork can pick it up and it can be merged?
I'm still getting my head around git. Hopefully this is what is needed.
HTH
Rob
diff --git a/lfs/sendEmail b/lfs/sendEmail index 28646ef93..cc9f67aaa 100644 --- a/lfs/sendEmail +++ b/lfs/sendEmail @@ -63,6 +63,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && cp -pvf sendEmail /usr/local/bin
chown root.root /usr/local/bin/sendEmail chmod 755 /usr/local/bin/sendEmail @rm -rf $(DIR_APP) @$(POSTBUILD)
-
Bob Brewer -
Michael Tremer -
Rob Brewer