| 2023-04-26 16:10:24 |
Simon Chopin |
description |
When upgrading to lunar from kinetic, there's a debconf prompt to warn the user that the binary isn't setGID anymore, so system-wide configuration won't work anymore. While that prompt is worthwhile for people who actually used system-wide configuration, it shouldn't be triggered for users that only have local user config.
For reference, the prompt in question:
┌───────────────────────────┤ Configuration de msmtp ├────────────────────────────┐
│ │
│ Remove SetGID bit on msmtp │
│ │
│ Starting from version 1.8.22, msmtp will no longer be SetGID. Hence the │
│ creation of the system-wide configuration (/etc/msmtprc) using debconf is │
│ removed. │
│ . │
│ From one side, using the system wide configuration implied msmtp to be SetGID │
│ but recent security hardening changes in GLib prevent SetGID binaries built │
│ against libsecret to talk to the D-Bus session, and therefore prevent it from │
│ being able to retrieve passwords from gnome-keyring or KWallet. │
│ . │
│ On another side, it was easy for a local user to obtain the credentials │
│ stored in /etc/msmtprc even if the file was not readable for this user when │
│ msmtp was SetGid. │
│ . │
│ More information in the following bug reports: │
│ - https://bugs.debian.org/944188 │
│ - https://bugs.debian.org/995012 │
│ │
│ <Ok> │
│ │
└─────────────────────────────────────────────────────────────────────────────────┘ |
[Impact]
When upgrading to lunar from kinetic, there's a debconf prompt to warn the user that the binary isn't setGID anymore, so system-wide configuration won't work anymore. While that prompt is worthwhile for people who actually used system-wide configuration, it shouldn't be triggered for users that only have local user config in their $HOME.
[Test plan]
In a fresh Kinetic container:
sudo apt install msmtp
do-release-upgrade -p # don't forget to enable -proposed
-> This should *NOT* have the msmtp SetGID debconf prompt
IN another fresh container:
sudo apt install msmtp
touch /etc/msmtprc
do-release-upgrade -p
-> This should trigger the debconf prompt
[ Where problems could occur ]
The fix could hide the warning in cases where users legitimately need to see it, leading to loss of functionality or even local security issues (use of insecure defaults that were corrected in the systemwide configuration).
[Other info]
For reference, the prompt in question:
┌───────────────────────────┤ Configuration de msmtp ├────────────────────────────┐
│ │
│ Remove SetGID bit on msmtp │
│ │
│ Starting from version 1.8.22, msmtp will no longer be SetGID. Hence the │
│ creation of the system-wide configuration (/etc/msmtprc) using debconf is │
│ removed. │
│ . │
│ From one side, using the system wide configuration implied msmtp to be SetGID │
│ but recent security hardening changes in GLib prevent SetGID binaries built │
│ against libsecret to talk to the D-Bus session, and therefore prevent it from │
│ being able to retrieve passwords from gnome-keyring or KWallet. │
│ . │
│ On another side, it was easy for a local user to obtain the credentials │
│ stored in /etc/msmtprc even if the file was not readable for this user when │
│ msmtp was SetGid. │
│ . │
│ More information in the following bug reports: │
│ - https://bugs.debian.org/944188 │
│ - https://bugs.debian.org/995012 │
│ │
│ <Ok> │
│ │
└─────────────────────────────────────────────────────────────────────────────────┘ |
|
