I want to use the "adminaddr" control file (i.e. /etc/nullmailer/adminaddr), so I created it, changed its group to nullmail (like the "remotes" control file), and chmod'ed it to 640. I did this because I consider the e-mail address to be sensitive information. However when I use the mail command to send something to "root", and thereby use the default address defined in the "adminaddr" file, the command fails with a vague error message. I had to run mail with strace capturing all forked process info (strace -o mail_strace -ff -y --string-limit=128 mail ...) to determine it was the nullmailer-queue process which was failing when it tried to open the "adminaddr" file for reading. (And technically that file is always read, so mail fails even when sending to a fully-qualified recipient address.) /usr/sbin/nullmailer-queue is installed with owner nullmail, group nullmail, and permissions 4711 (setuid bit but not setgid bit), see: https://gitweb.gentoo.org/repo/gentoo.git/tree/mail-mta/nullmailer/nullmailer-2.2-r2.ebuild#n109 To be honest I was a little surprised by this problem, since nullmailer-queue is running as group root (GID and Effective GID are 0) I assumed it should have access to everything even if it's Effective UID isn't root, but I guess that's not how it works (need to brush up on my UNIX permissions). Reproducible: Always Steps to Reproduce: 1. Become root 2. echo "your-email@example.com" >/etc/nullmailer/adminaddr 3. chgrp nullmail /etc/nullmailer/adminaddr 4. chmod 640 /etc/nullmailer/adminaddr 5. mail --subject=Test -- root <<<'' Actual Results: Get output "mail: cannot send message: Process exited with a non-zero status", e-mail isn't sent. Expected Results: No output, and e-mail is sent.
Created attachment 845664 [details] brief program to simulate how nullmailer-queue opens adminaddr file Attached readfile.c to simulate how nullmailer-queue opens /etc/nullmailer/adminaddr but print more info about what is happening. Steps to reproduce exactly my scenario (as root): 1. gcc -o readfile readfile.c 2. chmod 4711 readfile 3. chown nullmail:nullmail readfile 4. echo "my-email@example.com" >/etc/nullmailer/adminaddr 5. chmod 640 /etc/nullmailer/adminaddr 6. chown root:nullmail /etc/nullmailer/adminaddr 7. ./readfile
I noticed bug #683332, which maybe provides more reason to have the setgid bit set.