Date: Sun, 30 Sep 2012 11:21:43 -0700 (PDT) From: David Wolfskill <david@catwhisker.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/172189: milter-regex startup script needs to permit run-as user Message-ID: <201209301821.q8UILhDb004646@albert.catwhisker.org> Resent-Message-ID: <201209301830.q8UIU4Hr099089@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 172189 >Category: ports >Synopsis: milter-regex startup script needs to permit run-as user >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Sep 30 18:30:03 UTC 2012 >Closed-Date: >Last-Modified: >Originator: David Wolfskill >Release: FreeBSD 9.1-PRERELEASE i386 >Organization: Wolfskill & Dowling Residence >Environment: System: FreeBSD janus.catwhisker.org 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #374 241067M: Sun Sep 30 05:08:36 PDT 2012 root@freebeast.catwhisker.org:/usr/obj/usr/src/sys/JANUS i386 >Description: This is regarding the mail/milter-regex port. milter-regex(8) includes "... [-u user]" among the command line arguments with which it may be started, and goes on to state: ... -u user Run as the specified user instead of the default, _milter-regex. When milter-regex is started as root, it calls setuid(2) to drop privileges. The non-privileged user should have read access to the configuration file and read-write access to the pipe. ... We have 2 possibilities of interest: milterregex_flags specifies "-u ..." or it doesn't. If it doesn't (default case, as the variable is empty by default), Regardless of anything specified for milter-regex rc variables, milter-regex is started as sendmail's default user, which is "mailnull" (unless specified otherwise via sendmail configuration). This is at variance with the documentation for milter-regex (cited above), which claims that "_milter-regex" is what would be used for this purpose. And the "spooldir" is created by the sendmail default user (e.g., mailnull), so unless milter-regex is also running as (e.g., mailnull), the process will be unable to create its pidfile, so it will fail to start. One may try specifying "-u user" in milterregex_flags, but the startup script has no ability to change ownership of $spooldir to the specified user. (And doing so via that mechanism would require that the script learn how to parse the milterregex_flags, which doesn't seem very reasonable to me.) So that doesn't help much. >How-To-Repeat: Configure sendmail to have "mailnull" as its default user, install the milter-regex port, and try to get it to run. >Fix: The below patch is how I made it work for me. I created a new rc variable, milterregex_user (to avoid the parsing issue), then added a line to the script to force ownership of the $spooldir to the specified user. I set it up to (still) default to mailnull, but I did that before I figured out that milter-regex starting as mailnull was an artifact of the sendmail configuration. Perhaps that ought to be changed to "_milter-regex" (to agree with milter-regex(8)). It works for me; YMMV. :-} --- milterregex 2012/09/30 17:05:07 1.1 +++ milterregex 2012/09/30 17:45:41 @@ -19,6 +19,7 @@ # DO NOT CHANGE THESE DEFAULT VALUES HERE # # milterregex_flags Flags to milter-regex program +# milterregex_user User who runs milter-regex program [ -z "$milterregex_enable" ] && milterregex_enable="NO" # Enable milter-regex @@ -36,4 +37,5 @@ } load_rc_config $name +chown ${milterregex_user:-mailnull} $spooldir run_rc_command "$1" >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201209301821.q8UILhDb004646>