Date: Tue, 22 Jul 2003 03:37:53 +0400 (MSD) From: Oleg Bulyzhin <oleg@rinet.ru> To: FreeBSD-gnats-submit@FreeBSD.org Cc: gshapiro@FreeBSD.org Subject: bin/54731: [PATCH] bug in mail.local can cause unnecessary mail delivery delays Message-ID: <20030721233753.22CD42EF9@lath.rinet.ru> Resent-Message-ID: <200307212340.h6LNeEa9022752@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 54731
>Category: bin
>Synopsis: [PATCH] bug in mail.local can cause unnecessary mail delivery delays
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jul 21 16:40:13 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Oleg Bulyzhin
>Release: FreeBSD 4.8-RELEASE i386
>Organization:
Cronyx Plus LLC (RiNet ISP)
>Environment:
System: FreeBSD lath.rinet.ru 4.8-RELEASE FreeBSD 4.8-RELEASE #0: Sat Apr 5 12:35:16 MSD 2003 root@lath.rinet.ru:/lh/obj/lh/src/sys/lath i386
All sendmail versions (including 8.12.9) are affected.
(This bug affects systems without maillock(). Not sure about
systems where maillock() exists).
>Description:
During mailbox locking mail.local creates lock file (usually
/var/log/mboxname.lock). Under certain circumstances mail.local is
unable to remove this lock file after delivery attempt, thus next
mail delivery (handled by other mail.local process) can be delayed
for up to LOCKTO_RM seconds (5min).
Here is explanation:
First, mail.local creates lock file using super-user privileges.
Before delivery attempt mail.local drops privileges by calling
setreuid() (mail.local.c:1073). Then, in various error checking
code, goto err0 & goto err1 are used (mail.local.c:1087 1103 1148 1165)
If any of this errors appears, mail.local will be unable to remove
lock file, cause it calls unlockmbox() (mail.local.c:1231) having
euid == uid of mbox owner (while lock file owned by root).
Thus unlink call (mail.local.c:1398) will fail.
Next mail.local process will be unable to deliver mail until lock
file expires (expire time LOCKTO_RM seconds).
>How-To-Repeat:
It's not easy to repeat it with original mail.local cause those
error which can lead to this problem are quite rare. (actually,
i never seen any of em). Problem was noticed when i tested slightly
modified mail.local (simple implementation of mailbox size limit).
>Fix:
There is misplaced setreuid(0,0) call: we need super-user priveleges
neither for truncating (mail.local.c:1228) mailbox no for closing
(mail.local.c:1230) it. But we need those priveleges for removing
root-owned lock file.
--- mail.local.c.orig Mon Mar 3 20:31:13 2003
+++ mail.local.c Tue Jul 22 03:28:05 2003
@@ -1220,7 +1220,6 @@
{
mailerr("450 4.2.0", "%s: %s", path, sm_errstring(errno));
err3:
- (void) setreuid(0, 0);
#ifdef DEBUG
fprintf(stderr, "reset euid = %d\n", (int) geteuid());
#endif /* DEBUG */
@@ -1228,7 +1227,8 @@
(void) ftruncate(mbfd, curoff);
err1: if (mbfd >= 0)
(void) close(mbfd);
-err0: unlockmbox();
+err0: (void) setreuid(0, 0);
+ unlockmbox();
return;
}
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030721233753.22CD42EF9>