Message-Id: <200305020143.h421hLcY046887@WBIw009.westbend.net>
Date: Thu, 1 May 2003 20:43:21 -0500 (CDT)
From: "Scot W. Hetzel"
To: FreeBSD-gnats-submit@FreeBSD.org
cc: ume@FreeBSD.org
Subject: ports/51680: security/cyrus-sasl?: Group readable file when sending locally

>Number: 51680
>Category: ports
>Synopsis: security/cyrus-sasl?: Group readable file when sending locally
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu May 01 18:50:14 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Scot W. Hetzel
>Release: FreeBSD 4.8-STABLE i386
>Organization: West Bend Internet
>Environment:
System: FreeBSD WBIw009.westbend.net 4.8-STABLE FreeBSD 4.8-STABLE #2: Tue Apr 22 02:28:52 CDT 2003 root@WBIw009.westbend.net:/usr/obj/usr/src/4x/sys/GENERIC-SMP i386

>Description:
When sending mail locally on a system compiled with SASL AUTH, the sendmail mail submission program will log the following error on the sasldb file:

    error: safesasl(/usr/local/etc/sasldb) failed: Group readable file

This problem was reported on the FreeBSD-ports mailing list by David Babler

NOTE: sendmail.cf has DontBlameSendmail set to GroupReadableSASLDBFile.

>How-To-Repeat:
Install sendmail with SASL AUTH, and follow directions in the Sendmail.README file installed by the security/cyrus-sasl* ports to set up the sendmail.cf file. Then send a message from that system and check /var/log/maillog for the above error.

>Fix:
The fix is in the attached patch to the files/Sendmail.README file.

NOTE: This patch needs to be applied to both cyrus-sasl and cyrus-sasl2 ports.

Index: Sendmail.README =================================================================== RCS file: /home/ncvs/ports/security/cyrus-sasl/files/Sendmail.README,v retrieving revision 1.8 diff -u -r1.8 Sendmail.README --- Sendmail.README 5 Oct 2002 19:38:18 -0000 1.8 +++ Sendmail.README 2 May 2003 00:53:56 -0000 @@ -41,6 +41,19 @@ dnl Use the following for Sendmail 8.10 - 8.11 define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLFile')dnl +5) Add the following before FEATURE(msp) in your sendmail 8.12 submit.mc file: + + define(`confRUN_AS_USER',`smmsp:mail')dnl + define(`confTRUSTED_USER',`smmsp')dnl + define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl + + If this is not added to the submit.mc file, then sendmail will give + this error in the log: + + error: safesasl(/usr/local/etc/sasldb) failed: Group readable file + + when sending mail locally. + ---- Additional AUTH Mechanisms are LOGIN, PLAIN, GSSAPI, and KERBEROS_V4. >Release-Note: >Audit-Trail: >Unformatted:
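
Review bot: The new step 5 never states what owner, group and mode /usr/local/etc/sasldb is expected to have, even though it both relaxes the permission check with `GroupReadableSASLDBFile` and changes the submission program's identity with `confRUN_AS_USER` set to `smmsp:mail`. A reader who only sees "Group readable file" in the log has no way to tell from this text how far the file's permissions may safely be opened, so the step should name the intended group and mode and say that nothing wider is needed. It would also help to say in one line why each of the three defines is required, since `confTRUSTED_USER` is added without any explanation. The quoted error hardcodes /usr/local/etc/sasldb; because the PR asks for the same patch in both cyrus-sasl and cyrus-sasl2, check that this path matches what the cyrus-sasl2 port installs before copying the text there. Finally, the instruction edits submit.mc but does not mention regenerating the submit configuration afterwards, which the earlier steps' readers may not assume.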