Bug 19245

Summary: ssmtp conf files installed as setgid root?
Product: Mageia Reporter: Panos Christeas <xrg>
Component: RPM PackagesAssignee: Johnny A. Solbu <cooker>
Status: RESOLVED FIXED QA Contact:
Severity: minor    
Priority: Normal    
Version: Cauldron   
Target Milestone: Mageia 7   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: ssmtp-2.64-13.mga4.src.rpm CVE:
Status comment:

Description Panos Christeas 2016-08-25 10:13:33 CEST 
A little remark on the %files section:
Files

drwxr-s---	 80 	  root	 mail	 /etc/ssmtp
-rwxr-s---	 200 	 root	 mail	 /etc/ssmtp/revaliases
-rwxr-s---	 1488	 root	 mail	 /etc/ssmtp/ssmtp.conf

Is there a reason/purpose why g+s is set?
Also, u+x on those conf files may be pointless, isn't it?
Jani Välimaa 2016-08-25 15:25:39 CEST

Summary: Why are conf installed as setgid root? => ssmtp conf files installed as setgid root?

David Walser 2016-08-25 17:18:00 CEST

Assignee: bugsquad => cooker

Comment 1 Johnny A. Solbu 2017-06-05 10:34:36 CEST 
(In reply to Panos Christeas from comment #0)
> Is there a reason/purpose why g+s is set?

It is a security fix. See bug 10701 and this advisory for details: http://advisories.mageia.org/MGAA-2013-0064.html

> Also, u+x on those conf files may be pointless, isn't it?

I can fix the execute bit on the conf files when release freeze lifts after mga6 is released.

Version: 5 => Cauldron
Target Milestone: --- => Mageia 7
Status: NEW => ASSIGNED

Comment 2 Panos Christeas 2017-06-05 11:45:34 CEST 
Fair enough, then.
A comment in the SPEC file, about this, would help not ask this question again.
Comment 3 Johnny A. Solbu 2017-08-09 14:56:17 CEST 
Fixed in Cauldron

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED