Date: Wed, 23 Jul 2025 18:41:44 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 288409] DMA configuration permissions are too liberal
Message-ID: <bug-288409-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288409

            Bug ID: 288409
           Summary: DMA configuration permissions are too liberal
           Product: Base System
           Version: Unspecified
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: conf
          Assignee: bugs@FreeBSD.org
          Reporter: dacav@fastmail.com

The configuration files of dma(8) are world readable:

    $ ls -l /etc/dma/*
    -rw-r--r--  1 root wheel  54 Apr 11 18:41 /etc/dma/auth.conf
    -rw-r--r--  1 root wheel 105 Apr 11 18:40 /etc/dma/dma.conf

This is currently needed for unprivileged sending of email via dma(8), but at
the same time it allows anyone to obtain the password of the SMARTHOST, if one
is used for the local machine.

In Debian this is solved by having dma installed as a setgid executable, and
setting its group to 'mail'.

A similar approach might work for FreeBSD too.

- It should be checked how DragonFly BSD does it, and if they audited dma(8)
  for setgid use
- It is probably wise to assign dma(8) to a dedicated group, different than
  `mail`, since for example /var/mail is by default 0775 root:mail

-- 
You are receiving this mail because:
You are the assignee for the bug.
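
The trade-off described in the report, as an added example that is not part of the original message or of FreeBSD's own tooling: a POSIX shell audit that flags world-readable dma(8) configuration files and, once they are restricted, checks that the dma binary is setgid to the group that can read them. The function names and the binary path passed as the second argument are assumptions; the demo files are constructed.

```sh
#!/bin/sh
# Added example: audit the dma(8) permission layout discussed in the report.
# POSIX find/ls only, so it behaves the same on FreeBSD and Linux.

# has_perm FILE MODE: true if FILE has all bits of MODE set (e.g. -004).
has_perm() { [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]; }

# group_of FILE: print the owning group (4th column of ls -ld).
group_of() { ls -ld "$1" | awk '{ print $4 }'; }

# audit_dma CONF_DIR DMA_BINARY: one finding per line, returns 1 on any FAIL.
audit_dma() {
    conf_dir=$1; bin=$2; rc=0
    for f in "$conf_dir"/*.conf; do
        [ -f "$f" ] || continue
        if has_perm "$f" -004; then
            echo "FAIL: $f is world readable"; rc=1
        elif ! has_perm "$bin" -2000; then
            # Restricting the file without a setgid dma breaks unprivileged sending.
            echo "FAIL: $f is restricted but $bin is not setgid"; rc=1
        elif ! has_perm "$f" -040 || [ "$(group_of "$f")" != "$(group_of "$bin")" ]; then
            echo "FAIL: $f is not group-readable by the group of $bin"; rc=1
        else
            echo "OK: $f"
        fi
    done
    # The report advises a dedicated group: /var/mail is 0775 root:mail.
    if has_perm "$bin" -2000 && [ "$(group_of "$bin")" = mail ]; then
        echo "WARN: $bin is setgid mail; prefer a dedicated group"
    fi
    return "$rc"
}

# Constructed demo: rebuild the modes from the report in a scratch directory,
# then apply the setgid layout the report proposes. "$d/dma" stands in for
# the real binary (hypothetical path, empty file).
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/auth.conf"; : > "$d/dma.conf"; : > "$d/dma"
    chmod 644 "$d/auth.conf" "$d/dma.conf"; chmod 755 "$d/dma"
    echo "-- layout from the report"; audit_dma "$d" "$d/dma"
    chmod 640 "$d/auth.conf" "$d/dma.conf"; chmod 2755 "$d/dma"
    echo "-- setgid layout"; audit_dma "$d" "$d/dma"
    rm -rf "$d"
}
demo || true
```

On a real system, call audit_dma with /etc/dma and the path of the installed dma binary; a non-zero return means at least one FAIL line was printed.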
