From owner-freebsd-bugs Mon Mar 18 12:00:05 1996
Return-Path: owner-bugs
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id MAA29974 for bugs-outgoing; Mon, 18 Mar 1996 12:00:05 -0800 (PST)
Received: (from gnats@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id MAA29947 Mon, 18 Mar 1996 12:00:03 -0800 (PST)
Resent-Date: Mon, 18 Mar 1996 12:00:03 -0800 (PST)
Resent-Message-Id: <199603182000.MAA29947@freefall.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, henrich@msu.edu
Received: from crh.cl.msu.edu (crh.cl.msu.edu [35.8.1.24]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id LAA28040 for ; Mon, 18 Mar 1996 11:50:11 -0800 (PST)
Received: (from henrich@localhost) by crh.cl.msu.edu (8.6.12/8.6.12) id OAA06991; Mon, 18 Mar 1996 14:50:09 -0500
Message-Id: <199603181950.OAA06991@crh.cl.msu.edu>
Date: Mon, 18 Mar 1996 14:50:09 -0500
From: henrich@msu.edu
Reply-To: henrich@msu.edu
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: misc/1088: mail.local doesnt deal with quota's
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>Number: 1088
>Category: misc
>Synopsis: mail.local will happily overfill a user's mailbox putting them over quota
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Mar 18 12:00:01 PST 1996
>Last-Modified:
>Originator: Charles Henrich
>Organization: Charles Henrich Michigan State University henrich@msu.edu http://pilot.msu.edu/~henrich
>Release: FreeBSD 2.1-STABLE i386
>Environment:
2.1.0-RELEASE (all FreeBSD versions actually)
>Description:
mail.local runs with root permissions and as such can fill a user's mailbox endlessly. When quotas are turned on this causes no end of problems with elm/pine and any other mailer.
It's also a pain in the ass when users are subscribed to a hundred mailing lists and filling up your disk.
>How-To-Repeat:
Send email to a user w/ a quota.
>Fix:
Simple fix, seteuid() in mail.local before attempting delivery, then seteuid() back when done. Patch follows:

*** mail.local.c Tue May 30 01:46:12 1995 --- /sup/usr/src/libexec/mail.local/mail.local.c Mon Mar 18 14:42:08 1996 *************** *** 199 **** --- 200 ---- + uid_t saveeuid; *************** *** 234 **** --- 236,237 ---- + + saveeuid=geteuid(); *************** *** 235 **** --- 239 ---- + *************** *** 246 **** --- 251,259 ---- + + /* Now that the box is created and permissions are correct, we + close it and go back to the top so that we will come in + and write as the user. We dont seteuid() before the above + open, because we have to be root/bin to write in var/mail */ + + close(mbfd); + goto tryagain; + *************** *** 251 **** --- 265,272 ---- + + /* Become the user, so quota enforcement will occur */ + + if(seteuid(pw->pw_uid) != 0) { + warn("Unable to setuid()"); + return; + } + *************** *** 258 **** --- 280 ---- + seteuid(saveeuid); *************** *** 262 **** --- 285,286 ---- + if(geteuid() == pw->pw_uid) seteuid(saveeuid); + *************** *** 285 **** --- 310 ---- + *************** *** 306 **** --- 332 ---- +
>Audit-Trail:
>Unformatted:
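
Review bot: In the hunk at new lines 251-259, close(mbfd) followed by goto tryagain throws away the descriptor of the file that was just created and reopens the mailbox by path, so the file written as the user is whatever the path names on the second pass, not necessarily the one created here. The retry path should re-check file type and ownership on the reopened descriptor before writing, and the jump back needs a bound so a file that keeps disappearing cannot spin the loop. The result of close(mbfd) is also ignored, and the comment should read /var/mail rather than var/mail.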
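
Review bot: In the hunk at new lines 265-272, the failure branch logs "Unable to setuid()" although the call being checked is seteuid(), and the warn() call passes neither the recipient nor the error string, so the log will not say which delivery failed or why. The bare return in that branch also needs a check that anything opened or locked earlier in the function is released before leaving. Suggest wording the message after the real call and including pw->pw_name and strerror(errno).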
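
Review bot: At new line 280 the result of seteuid(saveeuid) is discarded, unlike the checked call at lines 265-272. If the restore fails, the process keeps running with the recipient's effective uid and everything after this point executes under the wrong identity. Check the return value here and treat a failure as fatal for the delivery.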
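
Review bot: At new lines 285-286 the restore is guarded by geteuid() == pw->pw_uid while the restore at line 280 is unconditional, and the result of seteuid(saveeuid) is again unchecked. Two differently written restore sites are easy to get out of step with the function's exit paths. A single cleanup point, or a small helper that restores saveeuid and checks the result, would cover every exit taken after the switch to the user.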