Message-Id: <201001061554.o06FsIiA004760@www.freebsd.org>
Date: Wed, 6 Jan 2010 15:54:18 GMT
From: Mike Jakubik
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/142382: [patch] Fix mail/mailscanner 4.79.4

>Number: 142382
>Category: ports
>Synopsis: [patch] Fix mail/mailscanner 4.79.4
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jan 06 16:00:13 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Mike Jakubik
>Release: 8.0-STABLE
>Organization:
>Environment:
>Description:
This is a workaround to the continuous taint mode incompatibilities with this code. Since I have been unsuccessful at reaching the mailscanner community to address these, I created this workaround instead.

- This patch introduces a new rc variable called "mailscanner_user". If you changed the "Run As User" variable in MailScanner.conf (which triggers taint mode) you MUST now also set the same value in /etc/rc.conf.
- Removed ulimit bump from startup script, since it's now dynamically set at boot time based on system resources.
>How-To-Repeat:
>Fix:
diff -urN mailscanner.orig/Makefile mailscanner/Makefile --- mailscanner.orig/Makefile 2010-01-04 15:19:40.000000000 -0500 +++ mailscanner/Makefile 2010-01-04 16:00:18.000000000 -0500 @@ -7,6 +7,7 @@ PORTNAME= MailScanner PORTVERSION= 4.79.4 +PORTREVISION= 1 CATEGORIES= mail MASTER_SITES= http://www.mailscanner.info/files/4/tar/ DISTNAME= ${PORTNAME}-install-${PORTVERSION}-${PATCHLEVEL} diff -urN mailscanner.orig/files/mailscanner.in mailscanner/files/mailscanner.in --- mailscanner.orig/files/mailscanner.in 2010-01-04 15:19:40.000000000 -0500 +++ mailscanner/files/mailscanner.in 2010-01-04 15:57:33.000000000 -0500 
@@ -10,6 +10,7 @@ # Set it to "YES" to enable mailscanner # mailscanner_configfile (path): Set to "%%PREFIX%%/etc/MailScanner/MailScanner.conf" by default. # mailscanner_pidfile (path): Set to "/var/run/MailScanner.pid" by default. +# mailscanner_user (str): Set to "root" by default. If you changed the "Run As User" variable in MailScanner.conf you MUST also set the same value here. # . %%RC_SUBR%% @@ -22,22 +23,20 @@ : ${mailscanner_enable="NO"} : ${mailscanner_configfile="%%PREFIX%%/etc/MailScanner/MailScanner.conf"} : ${mailscanner_pidfile="/var/run/MailScanner.pid"} +: ${mailscanner_user="root"} command="%%PREFIX%%/sbin/mailscanner" pidfile=${mailscanner_pidfile} command_args="${mailscanner_configfile}" +procname="MailScanner" required_files="${mailscanner_configfile}" -_ms_start_precmd() { - # Quietly try to raise the open_files limit - # - ulimit -n 2000 >/dev/null 2>&1 -} - -start_precmd=_ms_start_precmd +start_cmd="mailscanner_start" -procname="MailScanner" +mailscanner_start() { + su -m ${mailscanner_user} -c "exec ${command} ${command_args}" +} run_rc_command "$1" diff -urN mailscanner.orig/files/pkg-message.in mailscanner/files/pkg-message.in --- mailscanner.orig/files/pkg-message.in 2010-01-04 15:19:40.000000000 -0500 +++ mailscanner/files/pkg-message.in 2010-01-04 15:41:35.000000000 -0500 
@@ -38,7 +38,19 @@ Sophos users: Please take a look at the Sophos install script %%PREFIX%%/share/doc/MailScanner/Sophos.install.freebsd - Please also always look at the port changelog at - %%PREFIX%%/share/doc/MailScanner/CHANGES.port + + ***************************************************************** + A new rc variable called mailscanner_user has been added to the + startup script. This is a temporary workaround to address the + numerous taint mode problems that are still present in the code. + + If you changed the "Run As User" variable in MailScanner.conf + you MUST also set the same value in /etc/rc.conf. + + i.e. mailscanner_user="postfix" + + The new variable uses su to start the master perl script as the + specified user, this effectively disables perl's taint mode. + ***************************************************************** ************************************************************************* >Release-Note: >Audit-Trail: >Unformatted:
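Review bot: in the files/mailscanner.in hunk, the new mailscanner_start() expands ${mailscanner_user}, ${command} and ${command_args} unquoted inside the string handed to su -c, so an rc.conf value containing whitespace or shell metacharacters (a configfile path with a space, for instance) is re-parsed by the shell that su starts. Quote the user argument and make sure the config path reaches the command as a single word. The -m flag also carries the caller's environment over to the target user, which deserves a one-line comment saying why it is needed. With the default mailscanner_user="root" the start still goes through su, and when a non-root user is set the process starts without root privileges, so please confirm that user can write the default mailscanner_pidfile, /var/run/MailScanner.pid.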
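Review bot: the two removed lines at the top of the files/pkg-message.in hunk ("Please also always look at the port changelog at" and the CHANGES.port path) are dropped without any mention in the PR description; please confirm that is intended, or keep the pointer and add the new notice after it. In the added text, "i.e. mailscanner_user="postfix"" gives one example value, so "e.g." is the right abbreviation. The closing sentence says starting via su "effectively disables perl's taint mode"; since taint mode is a safety check, the notice should say so plainly, so administrators setting the variable know what they are trading away.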