Bug#1032387: marked as done (aide: Cron job does not send mail with new _aide user)

Sun, 05 Mar 2023 11:39:14 -0800 

Your message dated Sun, 5 Mar 2023 20:36:01 +0100
with message-id <[email protected]>
and subject line Re: Bug#1032387: aide: Cron job does not send mail with new 
_aide user
has caused the Debian Bug report #1032387,
regarding aide: Cron job does not send mail with new _aide user
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1032387: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032387
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: aide
Version: 0.18-2
Severity: important

Hi!

The daily aide cron job warns that it cannot send mail as non-root
user. Was wondering why or how to change or workaround that, and saw
commit e82b5c9112d95b5c813ee29c3234733ae0f2c862, but it is not clear
why mail from non-root was disabled, as I don't see why that would not
work. In any case I did a local test in case there was something I was
missing, with:

  # echo test | sudo -u _aide mail -s "test mail as aide user" root

And got a mail to root resembling this anonymized fragment:

  ,---
  Date: Sun, 05 Mar 2023 17:23:07 +0100
  From: Advanced Intrusion Detection Environment <_aide@$hostname>
  To: root@$fqdn
  Subject: test mail as aide user
  Message-Id: <$msgid>

  test
  `---

Could that check be removed to restore daily mails? Perhaps the
intention was to disable that too for autopkgtests instead?

Thanks,
Guillem

--- End Message ---
--- Begin Message --- 
On Sun, Mar 05, 2023 at 05:31:16PM +0100, Guillem Jover wrote:
> The daily aide cron job warns that it cannot send mail as non-root
> user. Was wondering why or how to change or workaround that, and saw
> commit e82b5c9112d95b5c813ee29c3234733ae0f2c862, but it is not clear
> why mail from non-root was disabled

See README.Debian.gz, chapter "Sending the report per mail" and re-open
this bug if the explanation is not satisfactory. Documentation patch is
appreciated.

tl;dr: suid root on /usr/lib/sendmail doesn't work when capsh is used.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421

--- End Message ---

Reply via email to