Date: Sun, 30 Sep 2012 11:21:43 -0700 (PDT) From: David Wolfskill <david@catwhisker.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/172189: milter-regex startup script needs to permit run-as user Message-ID: <201209301821.q8UILhDb004646@albert.catwhisker.org> Resent-Message-ID: <201209301830.q8UIU4Hr099089@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 172189
>Category: ports
>Synopsis: milter-regex startup script needs to permit run-as user
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Sep 30 18:30:03 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: David Wolfskill
>Release: FreeBSD 9.1-PRERELEASE i386
>Organization:
Wolfskill & Dowling Residence
>Environment:
System: FreeBSD janus.catwhisker.org 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #374 241067M: Sun Sep 30 05:08:36 PDT 2012 root@freebeast.catwhisker.org:/usr/obj/usr/src/sys/JANUS i386
>Description:
This is regarding the mail/milter-regex port.
milter-regex(8) includes "... [-u user]" among the command line
arguments with which it may be started, and goes on to state:
...
-u user Run as the specified user instead of the default,
_milter-regex. When milter-regex is started as
root, it calls setuid(2) to drop privileges.
The non-privileged user should have read access
to the configuration file and read-write access
to the pipe.
...
We have 2 possibilities of interest: milterregex_flags specifies
"-u ..." or it doesn't.
If it doesn't (default case, as the variable is empty by default),
Regardless of anything specified for milter-regex rc
variables, milter-regex is started as sendmail's default
user, which is "mailnull" (unless specified otherwise via
sendmail configuration). This is at variance with the
documentation for milter-regex (cited above), which claims
that "_milter-regex" is what would be used for this purpose.
And the "spooldir" is created by the sendmail default user
(e.g., mailnull), so unless milter-regex is also running
as (e.g., mailnull), the process will be unable to create
its pidfile, so it will fail to start.
One may try specifying "-u user" in milterregex_flags, but
the startup script has no ability to change ownership of
$spooldir to the specified user. (And doing so via that
mechanism would require that the script learn how to parse
the milterregex_flags, which doesn't seem very reasonable
to me.) So that doesn't help much.
>How-To-Repeat:
Configure sendmail to have "mailnull" as its default user, install
the milter-regex port, and try to get it to run.
>Fix:
The below patch is how I made it work for me.
I created a new rc variable, milterregex_user (to avoid the
parsing issue), then added a line to the script to force
ownership of the $spooldir to the specified user.
I set it up to (still) default to mailnull, but I did that
before I figured out that milter-regex starting as mailnull
was an artifact of the sendmail configuration. Perhaps
that ought to be changed to "_milter-regex" (to agree with
milter-regex(8)).
It works for me; YMMV. :-}
--- milterregex 2012/09/30 17:05:07 1.1
+++ milterregex 2012/09/30 17:45:41
@@ -19,6 +19,7 @@
# DO NOT CHANGE THESE DEFAULT VALUES HERE
#
# milterregex_flags Flags to milter-regex program
+# milterregex_user User who runs milter-regex program
[ -z "$milterregex_enable" ] && milterregex_enable="NO" # Enable milter-regex
@@ -36,4 +37,5 @@
}
load_rc_config $name
+chown ${milterregex_user:-mailnull} $spooldir
run_rc_command "$1"
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201209301821.q8UILhDb004646>