ungleich-public/cdist-contrib
ungleich-public
/
cdist-contrib
7
2
Fork 3
Code Issues 5 Pull Requests 5 Projects Releases Wiki Activity

[__opendkim[_genkey]]: potential for wrong permissions with --userid #17

New Issue
Open
opened 2022-03-09 20:05:19 +00:00 by evilham · 2 comments
evilham commented 2022-03-09 20:05:19 +00:00
Collaborator
Copy Link

Porting these types to work on FreeBSD I noticed that __opendkim has support for a --userid parameter.

OTOH, __opendkim_genkey just uses chown opendkim:opendkim KEY.private; therefore assuming that the service runs with those credentials.

Without knowing the internals of Alpine, I can imagine this being an issue as per opendkim(8):

   Thus, keys referenced by the KeyTable must always be accessible for
   read by the unprivileged user.  Also, run-time reloads are not possible
   if any of the other files will not be readable by the unprivileged
   user.

Instead of making things complex, I suggest deprecating __opendkim's --userid argument; does that sound ok? Which use-case am I missing?

Porting these types to work on FreeBSD I noticed that `__opendkim` has support for a `--userid` parameter. OTOH, `__opendkim_genkey` just uses `chown opendkim:opendkim KEY.private`; therefore assuming that the service runs with those credentials. Without knowing the internals of Alpine, I can imagine this being an issue as per `opendkim(8)`: Thus, keys referenced by the KeyTable must always be accessible for read by the unprivileged user. Also, run-time reloads are not possible if any of the other files will not be readable by the unprivileged user. Instead of making things complex, I suggest deprecating `__opendkim`'s `--userid` argument; does that sound ok? Which use-case am I missing?
evilham changed title from __opendkim[_genkey]: potential for wrong permissions with --userid to [__opendkim[_genkey]]: potential for wrong permissions with --userid 2022-03-09 20:35:18 +00:00
evilham commented 2022-03-09 20:35:45 +00:00
Author
Collaborator
Copy Link

cc: @sparrowhawk

cc: @sparrowhawk
sparrowhawk commented 2022-03-15 14:29:23 +00:00
Collaborator
Copy Link

Uuugh, pretty sure that's a loosely concentrated me trying to ease further generalization of the type without actually thinking it through. We don't use that parameter anywhere, and I don't see why anyone would want to use another user than the one that is preconfigured in the package for their distribution.

Go for deprecation.

Uuugh, pretty sure that's a loosely concentrated me trying to ease further generalization of the type without actually thinking it through. We don't use that parameter anywhere, and I don't see why anyone would want to use another user than the one that is preconfigured in the package for their distribution. Go for deprecation.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
master
opendkim-debian
opendkim-improvements
php
kjg_passwordconfig
synapse-upstream-apt-repository
haproxy-dualstack
synapse-upstream-repository
root-mail-dma
Labels
Clear labels   
bug

   
confirmed

   
critical

   
discussion

   
documentation

   
enhancement

   
feedback-required

   
good-first-issue

   
ready

   
reviewed

   
suggestion

   
support
No Label
bug
confirmed
critical
discussion
documentation
enhancement
feedback-required
good-first-issue
ready
reviewed
suggestion
support
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: ungleich-public/cdist-contrib#17
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?