Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2005/06/28 05:32:51 UTC

[Bug 4437] New: Patch to allow a combined setuid and virtual-config-dir

http://bugzilla.spamassassin.org/show_bug.cgi?id=4437

           Summary: Patch to allow a combined setuid and virtual-config-dir
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: enhancement
          Priority: P3
         Component: spamc/spamd
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: jagerman@jagerman.com


I recently came across a situation where I wanted to combine the
virtual-config-dir with spamd's setuid abilities.  Basically, this server
handles mail for multiple domains, and that mail is stored and processed under
different user accounts.

Specifically, mail is stored as /home/<username>/<domain>/mail/<mail-user> - for
example, jagerman@jagerman.com mail is located at
/home/jagerman/jagerman.com/mail/jagerman, and is owned by the <jagerman> user.

To get this working with spamd, I used the
--virtual-config-dir=/var/mail/%d/mail/%l/.spamassassin spamd option, then
called spamc with -u user@domain.com - and to make this work, I created a
/var/mail/domain symlink to the appropriate /home/username/domain directory.

The problem, however, is that spamd doesn't handle any setuid handling with this
configuration, which means any .spamassassin/ files it creates (including the
directory itself, if it doesn't exist) will be owned by whatever user spamd is
running as (it was root in my case, while testing).

The following patch addresses that problem by adding a new option
(--virtual-setuid-separator) to spamd that allows spamc to prefix the virtual
username with a system username and fixed string separator.  Additionally, the
patch adds a '%h' escape to the --virtual-config-dir pattern so that the
symlink directory I described above (/var/mail) is not needed.

In my case, with this patch applied, I start spamd with:

-x --virtual-config-dir=%h/%d/mail/%l/.spamassassin --virtual-setuid-separator=::

I then run spamc with: -u jagerman::test@jagerman.com and spamd setuid()'s to
the 'jagerman' user and uses /home/jagerman/jagerman.com/mail/test/.spamassassin
for its files.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
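
The username split and pattern expansion described in the report above, as an added example (not the attached patch, and written in Python rather than spamd's Perl). The account table, the function names, the character whitelist and the refusal of uid 0 are assumptions made here, not behaviour the report describes.

```python
import re

# Constructed sample accounts standing in for the system passwd database.
ACCOUNTS = {"jagerman": (1000, "/home/jagerman"), "root": (0, "/root")}

# Assumed whitelist for %l and %d: no '/', no leading '.'.
SAFE_PART = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.+-]*$")


def lookup_account(ident):
    """Return (uid, home) for a username, or for a numeric uid string."""
    if ident.isdigit():
        for uid, home in ACCOUNTS.values():
            if uid == int(ident):
                return uid, home
        raise ValueError("unknown uid")
    if ident not in ACCOUNTS:
        raise ValueError("unknown user")
    return ACCOUNTS[ident]


def resolve(spamc_user, separator, pattern):
    """Split 'sysuser<sep>local@domain'; return (uid, expanded config dir)."""
    system, found, virtual = spamc_user.partition(separator)
    if not found or not system:
        raise ValueError("missing system user prefix")
    local, at, domain = virtual.rpartition("@")
    if not at:
        raise ValueError("virtual user must be local@domain")
    # The client chooses these strings, and they end up in a filesystem path.
    for part in (local, domain):
        if not SAFE_PART.match(part) or ".." in part:
            raise ValueError("unsafe character in virtual user")
    uid, home = lookup_account(system)
    if uid == 0:
        # Added hardening (assumption): never let a client select root.
        raise ValueError("refusing to switch to uid 0")
    values = {"h": home, "d": domain, "l": local}
    # Single pass, so text substituted for one escape is never re-expanded.
    path = re.sub(r"%([hdl])", lambda m: values[m.group(1)], pattern)
    return uid, path
```
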

[Bug 4437] Patch to allow a combined setuid and virtual-config-dir

Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4437


jagerman@jagerman.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
Attachment #2963 is|0                           |1
           obsolete|                            |




------- Additional Comments From jagerman@jagerman.com  2005-07-07 18:48 -------
Created an attachment (id=3010)
 --> (http://bugzilla.spamassassin.org/attachment.cgi?id=3010&action=view)
spamd patch to add setuid capabilities to virtual-config-dir setups

I've made a one-line change to the patch to allow a numeric user_id to be
treated as a uid instead of username.




[Bug 4437] Patch to allow a combined setuid and virtual-config-dir

Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4437





------- Additional Comments From jagerman@jagerman.com  2005-06-27 20:35 -------
Created an attachment (id=2963)
 --> (http://bugzilla.spamassassin.org/attachment.cgi?id=2963&action=view)
spamd patch to add setuid capabilities to virtual-config-dir setups

Patch applied against spamd.raw from 20050627163958 trunk downloaded from
http://cvs.apache.org/snapshots/spamassassin/.

Should also apply (with some line offsets) against spamd from 3.0.4, and
possibly earlier releases.


