On 2020-11-20 10:16 a.m., Martin Lambers wrote: > Package: msmtp > Version: 1.8.11-2 > Severity: normal > > Dear Maintainer, > > There are several problems in the Debian AppArmor profile that are frequently > reported to me as the upstream maintainer, but I cannot fix them since > I do not ship the AppArmor profile.
I'm sorry that it caused you trouble and thanks for reaching out! > 1. Option --file > AppArmor restricts which configuration files msmtp may read. This > breaks option --file because the user cannot chose freely anymore. > > 2. Option --logfile and configuration command logfile > The AppArmor profile does not allow msmtp to write log information > to arbitrary files, which breaks the corresponding configuration > options and command. > > 3. Option --passwordeval and command passwordeval > The AppArmor profile restricts the commands that msmtp may execute. > This breaks the passwordeval configuration option and command. > This restriction is documented in News.Debian, but in my opinion this > does not make things better. > > A big problem is that users do not know where to look if they get an > unexplainable "permission denied" error. Almost nobody knows that > AppArmor interferes. > > A working AppArmor profile would have to allow reading, writing and > executing arbitrary files, which would make it pretty much useless. > > I therefore propose to either remove the AppArmor profile or restrict it > to the msmtp-mta package, so that most users can continue using msmtp as > expected. I'd like to propose to continue shipping the Apparmor profile but have it disabled by default. This way it would be an (easy) opt-in procedure for those who want the additional security and not even a concern for others. Presumably, those opting in would be more savvy with Apparmor and should in theory not send you as many bug reports. Would that work for you? Regards, Simon P.S.: I'd like to thank you for building the best small MTA I know of!
