ports/114945: [request] Protect mail/ssmtp configuration files

[Ernst de Haan]

>Number:         114945
>Category:       ports
>Synopsis:       [request] Protect mail/ssmtp configuration files
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 26 15:20:02 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Ernst de Haan
>Release:        FreeBSD 6.2-RELEASE-p6 amd64
>Organization:
>Environment:
System: FreeBSD andes.pensioenpage.com 6.2-RELEASE-p6 FreeBSD 6.2-RELEASE-p6 #2: Wed Jul 25 11:33:08 CEST 2007 root at andes.pensioenpage.com:/usr/obj/usr/src/sys/ANDES amd64
>Description:
mail/ssmtp is a minimalistic tool that allows sending of e-mail from the host it is installed on, using the SMTP services provided by another host.

The following would -in my opinion- be a normal situation:
1. the SMTP service requires SSL;
2. the SMTP service requires authentication;
3. the authentication details are considered confidential.

This is hard to accomplish with the current mail/ssmtp port, since the /usr/local/etc/ssmtp.conf file is world-readable. This is required, since the ssmtp binary runs as the current user.

Hereby I request a solution is implemented for this. I propose the following:
1. During installation, add a user 'ssmtp' with no home directory, password and shell
2. Protect the /usr/local/etc/ssmtp/ directory by setting owner=ssmtp, group=wheel and permissions=rwxr-x---, so outside wheel nobody can read the files.
3. Make the 'ssmtp' executable owned by the user 'ssmtp' and mark it SUID.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: