Package: maildrop
Followup-For: Bug #818377

Is the current situation still as described in the last comment?

Last time I tried, this bug prevented maildrop from being used with Courier when configured with virtual accounts. I've been avoiding the Courier and maildrop Debian packages since then.

As for setuid root, yes, as far as I understand the source code and manpage (https://www.courier-mta.org/maildrop.html#security), HAVE_COURIER builds of maildrop do need to run setuid root in order to provide the -D feature, which Courier uses to deliver messages to virtual accounts (and maybe other cases too).

A quick glance at the source code makes me believe a patch to make HAVE_COURIER dynamic is not that hard to write. If you confirm that this bug is still unresolved I could try to write the patch and submit it upstream.

Besides, I think it's overkill to check at runtime for setuid in order to behave as if HAVE_COURIER were present at build time: it's enough to check if the -D option is specified (the code to check that is already there) and, in that case, proceed assuming we are running with setuid root and with HAVE_COURIER at build time. If maildrop is not actually setuid root it will simply fail to provide the -D feature (it only needs to be documented in the manpage), otherwise it will just work as intended by Courier.

There are only two problems I see with this approach:

1) HAVE_COURIER declares an additional global variable before we can check for -D (namely "const char *numuidgid = 0;"), so we need to declare that variable regardless and use it only in the -D case. I think this is not grave at all.

2) Users that want to run maildrop with Courier will need to setuid root the maildrop binary themselves, after the usual "apt install", so it does not work out of the box. I don't know if a manual setuid root operation is acceptable under all the Debian packaging guidelines and rules and whatever.

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'stable'), (700, 'unstable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.4.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.utf8, LC_CTYPE=it_IT.utf8 (charmap=UTF-8), LANGUAGE=it_IT.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages maildrop depends on:
pn  courier-authlib      <none>
ii  libc6                2.29-10
pn  libcourier-unicode4  <none>
ii  libgcc-s1 [libgcc1]  10-20200211-1
ii  libgcc1              1:9.2.1-25
ii  libgdbm6             1.18.1-5
ii  libpcre3             2:8.39-12+b1
ii  libstdc++6           9.2.1-25

Versions of packages maildrop recommends:
ii  lsb-invalid-mta [mail-transport-agent]  4.1+Debian13+nmu1

maildrop suggests no packages.
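
The runtime -D check proposed in the message above, sketched as an added example; it is not maildrop source code and not the poster's patch. It assumes the -D argument has the form uid/gid, and `select_mode`, `parse_uidgid` and the `MODE_*` names are hypothetical.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

enum mode { MODE_NORMAL, MODE_COURIER, MODE_REFUSE };

/* Strictly parse "uid/gid" (assumed -D argument form): decimal digits only. */
int parse_uidgid(const char *s, uid_t *uid, gid_t *gid)
{
    char *end;
    unsigned long u, g;

    if (s[0] < '0' || s[0] > '9')
        return -1;
    errno = 0;
    u = strtoul(s, &end, 10);
    if (errno || end[0] != '/' || end[1] < '0' || end[1] > '9')
        return -1;
    g = strtoul(end + 1, &end, 10);
    if (errno || *end != '\0' || (uid_t)u != u || (gid_t)g != g)
        return -1;                      /* trailing junk or out of range */
    *uid = (uid_t)u;
    *gid = (gid_t)g;
    return 0;
}

/* Runtime stand-in for the build-time switch: only -D selects Courier mode. */
enum mode select_mode(int argc, char **argv, uid_t euid,
                      uid_t *uid, gid_t *gid)
{
    const char *numuidgid = 0;          /* always declared, used only with -D */

    for (int i = 1; i < argc; i++) {
        if (strncmp(argv[i], "-D", 2) != 0)
            continue;
        if (argv[i][2] != '\0')
            numuidgid = argv[i] + 2;                     /* -Duid/gid  */
        else
            numuidgid = (i + 1 < argc) ? argv[++i] : ""; /* -D uid/gid */
    }
    if (numuidgid == 0)
        return MODE_NORMAL;             /* no -D: ordinary unprivileged path */
    if (euid != 0 || parse_uidgid(numuidgid, uid, gid) != 0)
        return MODE_REFUSE;             /* not setuid root, or malformed ids */
    return MODE_COURIER;                /* caller may now drop to uid/gid */
}
```

Passing `geteuid()` as `euid` makes a binary that was never made setuid root fail closed on -D instead of delivering with the caller's identity.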