Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2007/03/04 18:41:28 UTC

[Bug 5365] New: spamd child falling back to nobody attempts to use previous user's database

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5365

           Summary: spamd child falling back to nobody attempts to use
                    previous user's database
           Product: Spamassassin
           Version: 3.1.7
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: spamc/spamd
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: mark-clist@npsl.co.uk


incoming message processed for user 'xxx':

Mar  4 16:33:53 hostname spamd[5227]: spamd: connection from localhost [127.0.0.1] at port 39629
Mar  4 16:33:53 hostname spamd[5227]: spamd: setuid to xxx succeeded
Mar  4 16:33:53 hostname spamd[5227]: spamd: processing message <a...@b> for xxx:1677
Mar  4 16:33:55 hostname spamd[5227]: spamd: clean message (-0.1/5.0) for xxx:1677 in 1.3 seconds, 4360 bytes.
Mar  4 16:33:55 hostname spamd[5227]: spamd: result: ...

then later on for a user that doesn't exist:

Mar  4 16:39:09 hostname spamd[5227]: spamd: connection from localhost [127.0.0.1] at port 39791
Mar  4 16:39:09 hostname spamd[5227]: spamd: handle_user unable to find user: 'test'
Mar  4 16:39:09 hostname spamd[5227]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody at /usr/sbin/spamd line 1147, <GEN193> line 4.
Mar  4 16:39:09 hostname spamd[5227]: spamd: checking message <c...@d> for test:65534
Mar  4 16:39:09 hostname spamd[5227]: mkdir /home/xxx/.spamassassin: Permission denied at /usr/share/perl5/Mail/SpamAssassin.pm line 1530
Mar  4 16:39:09 hostname spamd[5227]: mkdir /home/xxx/.spamassassin: Permission denied at /usr/share/perl5/Mail/SpamAssassin.pm line 1530
Mar  4 16:39:09 hostname spamd[5227]: locker: safe_lock: cannot create tmp lockfile /home/xxx/.spamassassin/auto-whitelist.lock.hostname.org.5227 for /home/xxx/.spamassassin/auto-whitelist.lock: Permission denied
Mar  4 16:39:09 hostname spamd[5227]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /home/xxx/.spamassassin/auto-whitelist.lock.hostname.org.5227 for /home/xxx/.spamassassin/auto-whitelist.lock: Permission denied
Mar  4 16:39:09 hostname spamd[5227]: spamd: identified spam (12.9/5.0) for test:65534 in 0.6 seconds, 2876 bytes.
Mar  4 16:39:09 hostname spamd[5227]: spamd: result: ...

This is consistent in that it will always be looking in
$PREVIOUS_VALID_USER/.spamassassin rather than $NOBODYS_HOME/.spamassassin.

I have had a poke around in the code and it looks something like
signal_user_changed should be called from handle_setuid_to_user but I am not
certain of the correct resolution.  I don't think this will cause any security
issues unless somebody has set their db files to be o+rw (which would be a hole
in itself).



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
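
Added example (not part of the original report or of spamd): a log check that flags a spamd child touching a .spamassassin directory that belongs to a user other than the one it is currently scanning for. The function name and the assumption that home directories live under /home/<user> are illustrative.

```python
import re
from collections import Counter

# Lines from the report above (wrapped lines rejoined, some omitted).
SAMPLE_LOG = """\
Mar  4 16:33:53 hostname spamd[5227]: spamd: connection from localhost [127.0.0.1] at port 39629
Mar  4 16:33:53 hostname spamd[5227]: spamd: processing message <a...@b> for xxx:1677
Mar  4 16:39:09 hostname spamd[5227]: spamd: connection from localhost [127.0.0.1] at port 39791
Mar  4 16:39:09 hostname spamd[5227]: spamd: checking message <c...@d> for test:65534
Mar  4 16:39:09 hostname spamd[5227]: mkdir /home/xxx/.spamassassin: Permission denied at /usr/share/perl5/Mail/SpamAssassin.pm line 1530
Mar  4 16:39:09 hostname spamd[5227]: locker: safe_lock: cannot create tmp lockfile /home/xxx/.spamassassin/auto-whitelist.lock.hostname.org.5227 for /home/xxx/.spamassassin/auto-whitelist.lock: Permission denied
Mar  4 16:39:09 hostname spamd[5227]: spamd: identified spam (12.9/5.0) for test:65534 in 0.6 seconds, 2876 bytes.
"""

LINE = re.compile(r"spamd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
SESSION = re.compile(
    r"spamd: (?:processing|checking) message \S+ for (?P<user>[^:\s]+):\d+")
# Assumption: per-user state lives in /home/<owner>/.spamassassin
HOME_PATH = re.compile(r"/home/(?P<owner>[^/\s]+)/\.spamassassin")


def find_stale_user_state(log_text):
    """Return {(pid, scanned_user, path_owner): line_count} for log lines
    where a child references another user's .spamassassin directory."""
    current = {}          # pid -> user named in the request being handled
    findings = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if "spamd: connection from" in msg:
            current.pop(pid, None)   # new request: forget the previous user
            continue
        s = SESSION.search(msg)
        if s:
            current[pid] = s["user"]
            continue
        user = current.get(pid)
        if user is None:
            continue
        # One finding per line and owner, however often the path repeats.
        for owner in set(HOME_PATH.findall(msg)):
            if owner != user:
                findings[(pid, user, owner)] += 1
    return dict(findings)


if __name__ == "__main__":
    for (pid, user, owner), n in find_stale_user_state(SAMPLE_LOG).items():
        print(f"pid {pid}: scanning for '{user}' but touched {owner}'s dir on {n} line(s)")
```
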

[Bug 5365] spamd child falling back to nobody attempts to use previous user's database

Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5365





------- Additional Comments From nugget@macnugget.org  2007-03-20 20:47 -------
I seem to have successfully "fixed the glitch" by replacing handle_setuid_to_user() as follows:

sub handle_setuid_to_user {
  if ($spamtest->{paranoid}) {
    die("spamd: in paranoid mode, still running as root: closing connection");
  }
  warn("spamd: still running as root: user not specified with -u, "
       . "not found, or set to root, falling back to nobody" );

  my ($name, $pwd, $uid, $gid, $quota, $comment, $gcos, $dir, $etc) =
      getpwnam('nobody');
  $uid =~ /^(\d+)$/ and $uid = $1;    # de-taint
  $gid =~ /^(\d+)$/ and $gid = $1;    # de-taint

  $) = "$gid $gid";                   # eGID
  $> = $uid;                          # eUID
  if (!defined($uid) || ($> != $uid and $> != ($uid - 2**32))) {
    die("spamd: setuid to nobody failed");
  }
  $spamtest->signal_user_changed(
    {
      username => $name,
      user_dir => $dir
    }
  );
}




[Bug 5365] spamd child falling back to nobody attempts to use previous user's database

Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5365





------- Additional Comments From gdt@ir.bbn.com  2007-03-16 07:48 -------
I am also seeing this on NetBSD 3.1 (i386) with spamassassin

I think the problem is that we need to call $spamtest->signal_user_changed with
user_dir set to undef.   spamd is correctly changing permissions, and thus may
be remembering only the directory.




[Bug 5365] spamd child falling back to nobody attempts to use previous user's database

Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5365


jm@jmason.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




------- Additional Comments From jm@jmason.org  2007-03-21 06:30 -------
applied; let's see if it works ok ;)

: jm 1214...; svn commit -m "bug 5365: spamd child falling back to 'nobody' due
to unknown username passed from spamc, attempts to read previous user's bayes
dbs (and fails).  fixed" spamd/spamd.raw
Sending        spamd/spamd.raw
Transmitting file data .
Committed revision 520881.




[Bug 5365] spamd child falling back to nobody attempts to use previous user's database

Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5365


nugget@macnugget.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |nugget@macnugget.org







[Bug 5365] spamd child falling back to nobody attempts to use previous user's database

Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5365





------- Additional Comments From jm@jmason.org  2007-03-21 07:01 -------
confirmed: seems to work for me in 3.2.0.




[Bug 5365] spamd child falling back to nobody attempts to use previous user's database

Posted by bu...@bugzilla.spamassassin.org.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5365


jm@jmason.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|Undefined                   |3.2.0




------- Additional Comments From jm@jmason.org  2007-03-21 02:48 -------
need to check this on 3.2.0


