Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 05 Apr 2017 07:27:41 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 218392] mail/dovecot2: incompatible with security.bsd.see_other_uids and security.bsd.see_other_uids
Message-ID:  <bug-218392-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D218392

            Bug ID: 218392
           Summary: mail/dovecot2: incompatible with
                    security.bsd.see_other_uids and
                    security.bsd.see_other_uids
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: adamw@FreeBSD.org
          Reporter: topical@gmx.net
             Flags: maintainer-feedback?(adamw@FreeBSD.org)
          Assignee: adamw@FreeBSD.org

If you harden your FreeBSD system by enabling security.bsd.see_other_uids (=
or
security.bsd.see_other_uids), dovecot locking gets broken leading to data l=
oss.=20

Dovecot uses lock files to make sure at most one process writes to a data f=
ile.
In case the writer process has died unexpectedly and didn't remove the lock
file, the file would be locked forever. To handle this, dovecot always chec=
ks
the PID existence of the lock owner and wipes the lock if the PID doesn't
exist.

If security.bsd.see_other_uids is active, the PID existence always fails if=
 the
process owning the lock ("A") runs with a different UID then the process th=
at
wants to acquire the lock ("B"). The second process ("B") thus assumes that=
 the
current owner ("A") has died, wipes the lock and writes concurrently(!) to =
the
data file. This means that locking doesn't work at all and data loss is
unevitable.=20

Later on, the original owner ("A") will generate a syslog warning that its =
lock
file got lost somehow, but it's too late and the data file has been broken
already leading to further problems like lost mailboxes etc.

Workaround is to disable this hardening.

As this side-effect is far from obvious, I suggest to add a clearly visible
hint to the release notes of dovecot2.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-218392-13>