Package: smartmontools
Version: 5.38+svn2920-2
Severity: normal
The attached python script demonstrates that this problem originates in the
62_lowcap.patch patch, which is intended to limit smartd's capabilities to
those deemed necessary. The script uses libcap-ng's python bindings to drop
capabilities to smartd's level, then runs pscap to demonstrate this and
finally tries to send mail.
For this demo to work, do the following:
- install python-cap-ng
- put the attached test.py somewhere
- create a world-readable file testmail.txt in the same directory
- become root
- run 'python test.py'
On my system, I get the following result:
1843 2319 root python sys_rawio, sys_admin
1 18588 root smartd sys_rawio, sys_admin
exim: setgroups() failed: Operation not permitted
Can't send mail: sendmail process failed with error code 1
Regards,
Matijs van Zuijlen
--, Package-specific info:
Output of /usr/share/bug/smartmontools:
# CONFIG_IDE_TASK_IOCTL is not set
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages smartmontools depends on:
ii debianutils 3.2.1 Miscellaneous utilities specific t
ii libc6 2.9-26 GNU C Library: Shared libraries
ii libcap-ng0 0.6.1-1 Development and header files for l
ii libgcc1 1:4.4.1-4 GCC support library
ii libselinux1 2.0.85-4 SELinux runtime shared libraries
ii libstdc++6 4.4.1-4 The GNU Standard C++ Library v3
ii lsb-base 3.2-23 Linux Standard Base 3.2 init scrip
Versions of packages smartmontools recommends:
ii bsd-mailx [mailx] 8.1.2-0.20090911cvs-1 simple mail user agent
Versions of packages smartmontools suggests:
pn gsmartcontrol <none> (no description available)
ii powersaved 0.15.20-6 power management daemon
pn smart-notifier <none> (no description available)
-- no debconf information
import capng
import os
capng.capng_clear(capng.CAPNG_SELECT_BOTH)
capng.capng_update(capng.CAPNG_ADD, capng.CAPNG_EFFECTIVE|capng.CAPNG_PERMITTED, capng.CAP_SYS_ADMIN)
capng.capng_update(capng.CAPNG_ADD, capng.CAPNG_EFFECTIVE|capng.CAPNG_PERMITTED, capng.CAP_SYS_RAWIO)
capng.capng_apply(capng.CAPNG_SELECT_BOTH)
os.system('pscap | grep "\(python\|smartd\)"')
os.system('mail [email protected] < testmail.txt')