On Sun, Mar 05, 2023 at 11:26:06PM +0100, Guillem Jover wrote:
> On Sun, 2023-03-05 at 20:36:01 +0100, Marc Haber wrote:
> > On Sun, Mar 05, 2023 at 05:31:16PM +0100, Guillem Jover wrote:
> > > The daily aide cron job warns that it cannot send mail as non-root
> > > user. Was wondering why or how to change or workaround that, and saw
> > > commit e82b5c9112d95b5c813ee29c3234733ae0f2c862, but it is not clear
> > > why mail from non-root was disabled
> > 
> > See README.Debian.gz, chapter "Sending the report per mail" and re-open
> > this bug if the explanation is not satisfactory. Documentation patch is
> > appreciated.
> > 
> > tl;dr: suid root on /usr/lib/sendmail doesn't work when capsh is used.
> 
> See my earlier followup mail, it seems to be working for me though?
> With bsd-mailx, exim4 (which is suid-root) and capsh installed. So
> I'm not sure I'm doing something "wrong", or the case that's not
> supposed to work is something else?

Sorry for not reading up on the entire bug history before replying
yesterday. I just did very superficial testing of the non-systemd code
paths since I don't have a big fleet of non-systemd machines at all. My
diagnosis was that on my test systems, the exim4 the message ended up
with by virtue of the /usr/lib/sendmail symlink didn't run as root
despite being suid root as soon as capsh was used. I don't know why you
had a different experience.

Maybe it would be a good idea to make the "do not run as root" code a
bit less automagic and offer an "always run as root" option in
/etc/default/aide. I am not sure whether this would qualify as a "small,
targeted fix" as per release policy, so I would probably be more happy
with documenting a working way to get the current code working for
bookworm.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
