Subject: Developers of Sympa
List archive
Re: [sympa-developpers] what to do with this patch ?
- From: Soji Ikeda <address@concealed>
- To: Marc Chantreux <address@concealed>
- Cc: address@concealed
- Subject: Re: [sympa-developpers] what to do with this patch ?
- Date: Wed, 10 Jan 2018 10:13:31 +0900
Hi Marc,
Could you please submit new issue on GitHub? (You need not do PR in this
case. Simply paste your patch in the text).
If you have difficulty to access to GitHub, let me know: I’ll submit your
patch.
Regards,
— Soji
2018/01/10 2:01、Marc Chantreux <address@concealed>のメール:
> hello people,
>
> as i setup a devel instance of sympa, i realized that i wasn't able to
> start sympa daemons as my sympa user is member of multiple groups.
>
> as attachment, a patch that works for me and not really tested.
>
> i don't know how to go further:
>
> * a simple grep shown me that we should probably remove some copy-pasta
>
> grep -RF setuid
>
> src/sbin/bulk.pl.in:POSIX::setuid((getpwnam(Sympa::Constants::USER))[2]);
> src/sbin/sympa.pl.in:POSIX::setuid((getpwnam(Sympa::Constants::USER))[2]);
> src/sbin/task_manager.pl.in:POSIX::setuid((getpwnam(Sympa::Constants::USER))[2]);
> src/sbin/sympa_msg.pl.in:POSIX::setuid((getpwnam(Sympa::Constants::USER))[2]);
> src/sbin/archived.pl.in:POSIX::setuid((getpwnam(Sympa::Constants::USER))[2]);
> src/sbin/sympa_automatic.pl.in:POSIX::setuid((getpwnam(Sympa::Constants::USER))[2]);
> src/sbin/bounced.pl.in:POSIX::setuid((getpwnam(Sympa::Constants::USER))[2]);
> src/bin/upgrade_shared_repository.pl.in:POSIX::setuid((getpwnam(Sympa::Constants::USER))[2]);
> src/bin/upgrade_send_spool.pl.in:POSIX::setuid((getpwnam(Sympa::Constants::USER))[2]);
> src/bin/upgrade_bulk_spool.pl.in:POSIX::setuid((getpwnam(Sympa::Constants::USER))[2]);
>
> * i'm scared to introduce bugs in other weird plateforms that is sure
> still used by some members of the sympa community without our ability
> to test anything on it. this is one of the reasons of the point 2:
>
> * i really think that in a future major version of sympa,
> this code should be just removed instead of being optimistically
> maintained: there are lot of external tools to make those kind of
> things and administrators should be happy pick the one he wants.
>
> As exemples:
> * old debian has stop-start-daemon so you can use --user and --group
> * ubuntu used to use upstart which has setuid and setgid instructions
> * systemd [service] section has a User= and a Group= variable
> * ...
>
> so it seems to me that removing this code is not only good for us but
> also good for the sympa system administrators.
>
> * however: if we use this patch, maybe set_daemon_identity should be in
> a module and `grep -RF setuid` should release 1 single line.
>
> so ... your opinion about it ?
>
> regards,
> marc
>
>
> <0001-when-the-sympa-user-is-member-of-more-than-one-group.patch>
-
[sympa-developpers] what to do with this patch ?,
Marc Chantreux, 01/09/2018
- Re: [sympa-developpers] what to do with this patch ?, Soji Ikeda, 01/10/2018
Archive powered by MHonArc 2.6.19+.