ssl-parameters.dat, should use ssl_parameters_file config variable)

Debian Bug Tracking System Tue, 12 Sep 2017 13:42:37 -0700

Your message dated Tue, 12 Sep 2017 23:33:30 +0300
with message-id <[email protected]>
and subject line Re: Bug#626211: dovecot-common: ssl-params uses hardcoded 
/var/lib/dovecot/ssl-parameters.dat, should use ssl_parameters_file config 
variable
has caused the Debian Bug report #626211,
regarding dovecot-common: ssl-params uses hardcoded 
/var/lib/dovecot/ssl-parameters.dat, should use ssl_parameters_file config 
variable
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
626211: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626211
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: dovecot-common
Version: 1:2.0.12-1
Severity: normal

dovecot's ssl-params sub-daemon appears to hardcode the path and
filename to its parameters file.

However, the other dovecot tools appear to look for the file using the
ssl_parameters_file configuration variable.

Launching dovecot as a non-privileged user without write permissions
to /var/lib/dovecot produces the following warnings on stderr, even if
ssl_parameters_file is set to a location where the user has read/write
permissions:

2011-05-09 16:38:42 master: Info: Dovecot v2.0.12 starting up (core dumps 
disabled)
2011-05-09 16:38:42 ssl-params: Error: 
open(/var/lib/dovecot/ssl-parameters.dat) failed: Permission denied
2011-05-09 16:38:42 ssl-params: Fatal: 
creat(/var/lib/dovecot/ssl-parameters.dat.tmp) failed: Permission denied
2011-05-09 16:38:42 ssl-params: Error: child process failed with status 22784

Feel free to forward this upstream if you think it would be useful.

thanks for maintaining dovecot in debian!

Regards,

        --dkg


-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.38-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages dovecot-common depends on:
ii  adduser                 3.112+nmu2       add and remove users and groups
ii  libbz2-1.0              1.0.5-6          high-quality block-sorting file co
ii  libc6                   2.11.2-11        Embedded GNU C Library: Shared lib
ii  libpam-runtime          1.1.2-2          Runtime support for the PAM librar
ii  libpam0g                1.1.2-2          Pluggable Authentication Modules l
ii  libssl1.0.0             1.0.0d-2         SSL shared libraries
ii  openssl                 1.0.0d-2         Secure Socket Layer (SSL) binary a
ii  ucf                     3.0025+nmu2      Update Configuration File: preserv
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

dovecot-common recommends no packages.

Versions of packages dovecot-common suggests:
ii  ntp                 1:4.2.6.p2+dfsg-1+b2 Network Time Protocol daemon and u

-- Configuration Files:
/etc/default/dovecot changed [not included]

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: dovecot
Version: 1:2.2.5-1

On 17:59 Mon 09 May     , Daniel Kahn Gillmor wrote:
> dovecot's ssl-params sub-daemon appears to hardcode the path and
> filename to its parameters file.
> 
> However, the other dovecot tools appear to look for the file using the
> ssl_parameters_file configuration variable.
> 
> Launching dovecot as a non-privileged user without write permissions
> to /var/lib/dovecot produces the following warnings on stderr, even if
> ssl_parameters_file is set to a location where the user has read/write
> permissions:
> 
> 2011-05-09 16:38:42 master: Info: Dovecot v2.0.12 starting up (core dumps 
> disabled)
> 2011-05-09 16:38:42 ssl-params: Error: 
> open(/var/lib/dovecot/ssl-parameters.dat) failed: Permission denied
> 2011-05-09 16:38:42 ssl-params: Fatal: 
> creat(/var/lib/dovecot/ssl-parameters.dat.tmp) failed: Permission denied
> 2011-05-09 16:38:42 ssl-params: Error: child process failed with status 22784
> 

Fixed in 2.2 by making state_dir configurable:

 commit 2e533fb1283b5f06a4063b519e47f1861c910386
 Author: Timo Sirainen <[email protected]>
 Date:   Wed Aug 22 16:55:27 2012 +0300
 
     Made PKG_STATEDIR configurable with state_dir setting.
     Based on patch by Chris Webb.
     
     Normally this isn't needed, since the data in the state_dir can be shared
     across multiple Dovecot instances, but in some specific use cases this may
     be useful (e.g. users running their own Dovecots).
 
Regards,
Apollon

--- End Message ---

Bug#626211: marked as done (dovecot-common: ssl-params uses hardcoded /var/lib/dovecot/ssl-parameters.dat, should use ssl_parameters_file config variable)

Reply via email to