[Bug 3586] failed sanity check

[bu...@bugzilla.spamassassin.org]

http://bugzilla.spamassassin.org/show_bug.cgi?id=3586





------- Additional Comments From felicity@kluge.net  2004-07-10 15:52 -------
Subject: Re:  New: failed sanity check

On Sat, Jul 10, 2004 at 12:49:07PM -0700, bugzilla-daemon@bugzilla.spamassassin.org wrote:
> Jul 10 14:44:03 fat_man spamd[1822]: DCC -> check failed: setuid 0 to 1000
> failed! at /usr/local/lib/perl5/site_perl/5.6.1/Mail/SpamAssassin/Util.pm line 932.
> Jul 10 14:44:28 fat_man spamc[1821]: failed sanity check, 6050 bytes claimed,
> 17021 bytes seen

Hrm.  Well, the sanity check error is caused by spamd being killed from
the first message.  The first message is from spamd not able to change
its real uid to match the effective uid, which I have no idea what to
tell you.  The code is really simple there:

sub setuid_to_euid {
  return if (RUNNING_ON_WINDOWS);
  if ($< != $>) {
    dbg ("setting real uid from $< to match effective uid $>");
    $< = $>;
    if ($< != $>) { die "setuid $< to $> failed!"; }
  }
}

$< is real uid, $> is effective uid.  So for security reasons, we try
dropping root priv, then spamd blows up because the real uid (0) doesn't
equal the effective uid (1000).

So ...  The real issue is: why can't your spamd process drop root privs?
I have no answer to that, as far as I know, root can always change ruid
to another user, but then you can't go back, which is expected.

Unless there's something I'm missing though, this seems like a perl/OS
issue, not an SA one.





------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.