4 files changed, 71 insertions, 22 deletions

diff --git a/mail/majordomo/Makefile b/mail/majordomo/Makefile
index d3a7913bc925..fece3f312c6f 100644
--- a/mail/majordomo/Makefile
+++ b/mail/majordomo/Makefile
@@ -13,7 +13,7 @@ MASTER_SITES=	ftp://ftp.greatcircle.com/pub/majordomo/1.94.5/ \
 		ftp://ftp.sgi.com/other/majordomo/1.94.5/
 EXTRACT_SUFX=   .tgz
 
-MAINTAINER=	anders@fix.no
+MAINTAINER=	anders@FreeBSD.org
 
 .if defined(WITH_SHA1_COOKIES)
 RUN_DEPENDS=	${LOCALBASE}/lib/perl5/site_perl/${PERL_VER}/${PERL_ARCH}/Digest/SHA1.pm:${PORTSDIR}/security/p5-Digest-SHA1
@@ -93,6 +93,7 @@ post-install:
 		@ ${CHMOD} 755 ${PREFIX}/majordomo/lists/test-l-digest.archive
 		@ ${CHMOD} 660 ${PREFIX}/majordomo/lists/*.passwd
 .if !defined(BATCH)
+		@ ${SH} ${SCRIPTDIR}/adaptwrapper ${PREFIX}
 		@ /usr/bin/more -e ${FILESDIR}/post-install-notes
 .endif
 
diff --git a/mail/majordomo/files/post-install-notes b/mail/majordomo/files/post-install-notes
index 286a06a54e70..4729dc9a085f 100644
--- a/mail/majordomo/files/post-install-notes
+++ b/mail/majordomo/files/post-install-notes
@@ -26,23 +26,11 @@ manually:
 
 	  or a line similar to the following to your m4 macros file :
 
-	  define(`ALIAS_FILE',/etc/aliases,/usr/local/majordomo/aliases.majordomo')
+	  define(`ALIAS_FILE',`/etc/aliases,/usr/local/majordomo/aliases.majordomo')
 
 	- consider using ports/mail/tlb to process your deliveries if you
 	  want to hide your outgoing aliases.  This way you can prevent people
 	  from evading restrictions for posting to your lists.
 
-	- the user executing the commands of your local aliases must be added
-	  to your majordom group to be able to execute the setuid wrapper
-	  script. Sendmail does this as daemon by default, which is already
-	  added. The postfix port uses nobody by default, which should be
-	  changed to another user if your users can execute commands as user
-	  nobody (Apache/CGI comes to mind). Postfix does not do initgroups()
-	  properly, so you need to chgrp the wrapper script to the group of
-	  the default_privs user (this may apply for other MTAs as well) for
-	  it to work. It is important that you do this and not just make
-	  wrapper executable for all; you are increasing the chances of it
-	  getting exploited if you do.
-
 Enjoy Majordomo!
 
diff --git a/mail/majordomo/scripts/adaptwrapper b/mail/majordomo/scripts/adaptwrapper
new file mode 100644
index 000000000000..1c4d4fde4f9d
--- /dev/null
+++ b/mail/majordomo/scripts/adaptwrapper
@@ -0,0 +1,68 @@
+#! /bin/sh
+# anders@FreeBSD.org, 2002-02-08
+
+if [ -z "$1" ]
+then
+	prefix=/usr/local/majordomo
+else
+	prefix=$1/majordomo
+fi
+tempfile=`/usr/bin/mktemp -t radiolist`
+
+/usr/bin/dialog --title "Making the majordomo wrapper run" --clear --radiolist "We need to make the majordomo wrapper program executable by your Mail\nDelivery Agent, but do not want it executable for all users due\nto security reasons.\n\n(This script can be re-executed from\n/usr/ports/mail/majordomo/scripts/adaptwrapper.)\n\nAdapt to the MDA of:" -1 -1 5 \
+Sendmail	"(add users daemon/mailnull to the majordom group)" ON \
+Postfix		"(change group ownership of wrapper to nobody)" OFF \
+2>$tempfile
+
+if [ "$?" = "1" ]
+then
+	echo "Cancel pressed. You will need to make wrapper executable yourself."
+fi
+
+choice=`cat $tempfile`
+rm -f $tempfile
+if [ -z "$choice" ]
+then
+	echo "Empty selection."
+	exit 1
+fi
+
+addmember() {
+# $1: group $2: user
+	if !(pw groupmod $1 -m $2 >/dev/null 2>&1)
+	then
+		echo "Error: Could not add user $2 to group $1."
+		exit 1
+	fi
+}
+
+changegroup() {
+# $1: group
+	mywrapper=$prefix/wrapper
+	if !(chgrp $1 $mywrapper >/dev/null 2>&1)
+	then
+		echo "Error: Could not change group ownership of"
+		echo "$mywrapper"
+		echo "to group $1."
+		exit 1
+	fi
+}
+
+case $choice in
+'Sendmail')
+	addmember majordom daemon
+	if (pw usershow mailnull >/dev/null 2>&1)
+	then
+		addmember majordom mailnull
+	fi
+	;;
+'Postfix')
+	changegroup nobody
+	;;
+'None')
+	echo "Fine. I see you want to make wrapper executable yourself."
+	;;
+*)
+	echo "Unknown MTA specified."
+	;;
+esac
diff --git a/mail/majordomo/scripts/createuser b/mail/majordomo/scripts/createuser
index ac9675afdbce..f755b0b04d92 100644
--- a/mail/majordomo/scripts/createuser
+++ b/mail/majordomo/scripts/createuser
@@ -59,11 +59,3 @@ if( $result ) {
 	print "Failed to add/modify user majordom!\n";
 	exit 1;
 }
-
-## Add daemon to majordom group, to allow sendmail to call wrapper
-## via direct pipes in /etc/mail/aliases
-$result = system( "pw groupmod majordom -m daemon" );
-if( $result ) {
-	print "Failed to add/modify user majordom!\n";
-	exit 1;
-}