You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2004/04/16 01:21:12 UTC
Re: svn commit: rev 10034 - incubator/spamassassin/trunk/spamd
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
hmm. I'm pretty sure that'll mean Mail::SpamAssassin could create
a file (through preload_modules calling init()) *before* setuid'ing
if -u is set; hence file ownership errors.
I'd suggest not moving that stuff around too much for fear of changing
important behaviour -- just checking for the presence of "require
Storable" if it's needed.
- --j.
felicity@apache.org writes:
>Author: felicity
>Date: Thu Apr 15 16:13:07 2004
>New Revision: 10034
>
>Modified:
> incubator/spamassassin/trunk/spamd/spamd.raw
>Log:
>move parts around in spamd so that errors are displayed before becoming a daemon (like Storable is needed but not available ...)
>
>Modified: incubator/spamassassin/trunk/spamd/spamd.raw
>==============================================================================
>--- incubator/spamassassin/trunk/spamd/spamd.raw (original)
>+++ incubator/spamassassin/trunk/spamd/spamd.raw Thu Apr 15 16:13:07 2004
>@@ -425,15 +425,32 @@
> # duplicating log messages.
> # TVD: isn't this already done up above?
>
>-my $dontcopy = 1;
>-if ( $opt{'create-prefs'} ) { $dontcopy = 0; }
>+# support setuid() to user unless -u, we're not root, or doing --vpopmail
>+my $setuid_to_user = ($opt{'username'} || $> != 0 || $opt{'vpopmail'}) ? 0 : 1;
>+my $current_user;
>
>-# Untaint the pidfile path before we use it
>-if ( defined $opt{'pidfile'} ) {
>- $opt{'pidfile'} =
>- Mail::SpamAssassin::Util::untaint_file_path( $opt{'pidfile'} );
>+my $client; # used for the client connection ...
>+my $childlimit; # max number of kids allowed
>+my $clients_per_child; # number of clients each child should process
>+my %children = (); # current children
>+
>+if ( defined $opt{'max-children'} ) {
>+ ( $childlimit, $clients_per_child ) = split ( /[,:]/, $opt{'max-children'} );
>+
>+ # Make sure that the values are at least 1
>+ $childlimit = undef if ( defined $childlimit && $childlimit < 1 );
>+ $clients_per_child = undef
>+ if ( defined $clients_per_child && $clients_per_child < 1 );
> }
>
>+# Set some "sane" limits for defaults
>+$childlimit ||= 5;
>+$clients_per_child ||= 1000;
>+
>+
>+my $dontcopy = 1;
>+if ( $opt{'create-prefs'} ) { $dontcopy = 0; }
>+
> my $orighome;
> if ( defined $ENV{'HOME'} ) {
> if ( defined $opt{'username'} )
>@@ -529,16 +546,46 @@
> || die "Could not create INET socket: $! $@\n";
> }
>
>+my $spamtest = Mail::SpamAssassin->new(
>+ {
>+ dont_copy_prefs => $dontcopy,
>+ rules_filename => ( $opt{'configpath'} || 0 ),
>+ site_rules_filename => ( $opt{'siteconfigpath'} || 0 ),
>+ local_tests_only => ( $opt{'local'} || 0 ),
>+ debug => ( $opt{'debug'} || 0 ),
>+ paranoid => ( $opt{'paranoid'} || 0 ),
>+ home_dir_for_helpers => (
>+ defined $opt{'home_dir_for_helpers'}
>+ ? $opt{'home_dir_for_helpers'}
>+ : $orighome
>+ ),
>+ PREFIX => $PREFIX,
>+ DEF_RULES_DIR => $DEF_RULES_DIR,
>+ LOCAL_RULES_DIR => $LOCAL_RULES_DIR
>+ }
>+);
>+
>+preload_modules_with_tmp_homedir();
>+
>+# If we're going to be switching users in check(), let's backup the
>+# fresh configuration now for later restoring ...
>+my %conf_backup = ();
>+if ($setuid_to_user) {
>+ $spamtest->copy_config(undef, \%conf_backup) ||
>+ die "error returned from copy_config, no Storable module?\n";
>+}
>+
> $opt{'daemonize'} and daemonize();
>
> if ( defined( $opt{'pidfile'} ) ) {
>+ $opt{'pidfile'} =
>+ Mail::SpamAssassin::Util::untaint_file_path( $opt{'pidfile'} );
> open PIDF, ">$opt{'pidfile'}" or warn "Can't write to PID file: $!";
> print PIDF "$$\n";
> close PIDF;
> }
>
> # support non-root use (after we bind to the port)
>-my $setuid_to_user = 0;
> if ( $opt{'username'} ) {
> my ( $uuid, $ugid ) = ( getpwnam( $opt{'username'} ) )[ 2, 3 ];
> if ( !defined $uuid || $uuid == 0 ) {
>@@ -572,29 +619,6 @@
> }
>
> }
>-elsif ( $> == 0 ) {
>- if ( !$opt{'vpopmail'} ) {
>- $setuid_to_user = 1;
>- }
>-}
>-
>-my $client; # used for the client connection ...
>-my $childlimit; # max number of kids allowed
>-my $clients_per_child; # number of clients each child should process
>-my %children = (); # current children
>-
>-if ( defined $opt{'max-children'} ) {
>- ( $childlimit, $clients_per_child ) = split ( /[,:]/, $opt{'max-children'} );
>-
>- # Make sure that the values are at least 1
>- $childlimit = undef if ( defined $childlimit && $childlimit < 1 );
>- $clients_per_child = undef
>- if ( defined $clients_per_child && $clients_per_child < 1 );
>-}
>-
>-# Set some "sane" limits for defaults
>-$childlimit ||= 5;
>-$clients_per_child ||= 1000;
>
> # restart handling. do this here before compile_now() as that may
> # take a while.
>@@ -613,37 +637,6 @@
> logmsg( "server started on $listeninfo (running version "
> . Mail::SpamAssassin::Version()
> . ")" );
>-
>-my $current_user;
>-
>-my $spamtest = Mail::SpamAssassin->new(
>- {
>- dont_copy_prefs => $dontcopy,
>- rules_filename => ( $opt{'configpath'} || 0 ),
>- site_rules_filename => ( $opt{'siteconfigpath'} || 0 ),
>- local_tests_only => ( $opt{'local'} || 0 ),
>- debug => ( $opt{'debug'} || 0 ),
>- paranoid => ( $opt{'paranoid'} || 0 ),
>- home_dir_for_helpers => (
>- defined $opt{'home_dir_for_helpers'}
>- ? $opt{'home_dir_for_helpers'}
>- : $orighome
>- ),
>- PREFIX => $PREFIX,
>- DEF_RULES_DIR => $DEF_RULES_DIR,
>- LOCAL_RULES_DIR => $LOCAL_RULES_DIR
>- }
>-);
>-
>-preload_modules_with_tmp_homedir();
>-
>-# If we're going to be switching users in check(), let's backup the
>-# fresh configuration now for later restoring ...
>-my %conf_backup = ();
>-if ($setuid_to_user) {
>- $spamtest->copy_config(undef, \%conf_backup) ||
>- die "error returned from copy_config, no Storable module?\n";
>-}
>
> # Fork off our children.
> for ( 1 .. $childlimit ) {
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS
iD8DBQFAfxjoQTcbUG5Y7woRAk1nAJ9Ov5Kcs0x9IkvZsC/0XKn2mBD3mwCg0zVK
sjGI5d/CbvKxR13V/6JhQNg=
=gUKa
-----END PGP SIGNATURE-----