NetBSD-Bugs archive
Re: bin/46790
The following reply was made to PR bin/46790; it has been noted by GNATS.
From: neitzel%marshlabs.gaertner.de@localhost
To: gnats-bugs%NetBSD.org@localhost
Cc:
Subject: Re: bin/46790
Date: Tue, 19 Nov 2013 23:15:14 +0100
[msgs(1), the web-2.0 from the 80ies which NetBSD manages to break
every six years :-)]
I considered "postconf default_privs=daemon" to be an appropriate
fix in my environment, but that may not be appropriate for everybody.
So I suggest a comment in the default aliases file pointing out that
further action is required. My patch below may be a tad too verbose,
feel free to shorten it at your discretion.
Martin
Index: aliases
===================================================================
RCS file: /cvsroot/src/etc/aliases,v
retrieving revision 1.22
diff -u -r1.22 aliases
--- aliases 25 Aug 2010 15:38:44 -0000 1.22
+++ aliases 19 Nov 2013 21:55:44 -0000
@@ -54,3 +54,22 @@
# uncomment this for msgs(1):
# msgs: "|/usr/bin/msgs -s"
+
+# Please note for such "|program" destinations:
+#
+# NetBSD's previous default MTA, Allmann's/ISC's "sendmail" package,
+# executed such programs as user "daemon", while the current default
+# MTA "postfix" uses the user "nobody" instead (see local(8), section
+# "DELIVERY RIGHTS").
+#
+# The msgs(1) spool is adjusted to the "daemon" setting; it will work
+# out of the with the ("package") sendmail MTA but not with the default
+# postfix. You NEED to make an informed policy decision here.
+# You could either just
+#
+# # postconf default_privs=daemon
+#
+# affecting all(!) program destinations in this aliases(5) file,
+# or employ something such as "sudo" or other setuid/gid solutions tailored
+# to individual "|program" destinations. (Whatever you do, *don't* just
+# make /var/msgs{,/bounds} writable for "nobody", i.e. the world.)
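Review bot: The added sentence at "+# out of the with the ("package") sendmail MTA" is missing a word, presumably "box" ("it will work out of the box with the ..."), and "Allmann's" in the first paragraph of the comment should be spelled "Allman's". Because the text warns that "postconf default_privs=daemon" affects all program destinations, consider placing the note above the commented-out "# msgs:" entry instead of after it, so an administrator reads it before uncommenting that line. The doubled "# #" in front of the postconf command could also be mistaken for a disabled alias entry; indenting the command without the second "#" would read more clearly.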