From owner-freebsd-current@FreeBSD.ORG Sat Dec 16 11:44:28 2006 Return-Path: X-Original-To: current@FreeBSD.org Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id DE2ED16A415; Sat, 16 Dec 2006 11:44:28 +0000 (UTC) (envelope-from ache@nagual.pp.ru) Received: from nagual.pp.ru (nagual.pp.ru [194.87.13.69]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1DCCD43C9E; Sat, 16 Dec 2006 11:44:27 +0000 (GMT) (envelope-from ache@nagual.pp.ru) Received: from nagual.pp.ru (ache@localhost [127.0.0.1]) by nagual.pp.ru (8.13.8/8.13.8) with ESMTP id kBGBiQt7007833; Sat, 16 Dec 2006 14:44:26 +0300 (MSK) (envelope-from ache@nagual.pp.ru) Received: (from ache@localhost) by nagual.pp.ru (8.13.8/8.13.8/Submit) id kBGBiQmX007832; Sat, 16 Dec 2006 14:44:26 +0300 (MSK) (envelope-from ache) Date: Sat, 16 Dec 2006 14:44:26 +0300 From: Andrey Chernov To: Robert Watson Message-ID: <20061216114426.GA7735@nagual.pp.ru> Mail-Followup-To: Andrey Chernov , Robert Watson , current@FreeBSD.org References: <20061216055903.GA2712@nagual.pp.ru> <20061216111656.GA7501@nagual.pp.ru> <20061216112117.P72986@fledge.watson.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20061216112117.P72986@fledge.watson.org> User-Agent: Mutt/1.5.13 (2006-08-11) Cc: current@FreeBSD.org Subject: Re: sysv_ipc.c broken in v1.30 (was Re: sysvshm appearse broken in -current) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Dec 2006 11:44:29 -0000 On Sat, Dec 16, 2006 at 11:25:55AM +0000, Robert Watson wrote: > Yes, you can find the details in kern/106078. > > The thrust of the problem is that applications apparently pass access mode > arguments to shmget() in situations other than file creation, which isn't > documented in the spec. I've been doing a bit of on-and-off research on > this, but need to do some more before I'm ready to change our > implementation to simply ignore the argument. I hope to look at it again > this week sometime; it's unclear to me what applications are trying to > accomplish with the mode field in the non-IPC_CREAT case, and none of the > man pages and documentation I've found on various UNIX systems to date > suggest anything in particular. See t-shm.c code in either dk-milter or dkim-milter to gather the sample of operation. Those test written in way to be passed in all sysv ipc conformant machines. Which isn't our FreeBSD now :( I think removing that old code is the root of the problem: * Always permit the creator/owner to update the object * protections regardless of whether the object mode * permits it. */ if (mode & IPC_M) return (0); I.e. old code not even check for IPC_W or IPC_R in case of IPC_M presense. Moreover, old code allows _anything_ for suser: if ((mode & perm->mode) != mode) { if (suser(td) != 0) return (EACCES); } > >On Sat, Dec 16, 2006 at 08:59:03AM +0300, Andrey Chernov wrote: > >>It seems shm is broken in very recent -current. > >>Trying to build dkim-milter or dk-milter port (from root, of course) I > >>got: > >> > >>./t-shm > >>shmget: Permission denied > >>^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > >>shminit failed: Permission denied > >>1..bad! t-shm.c:260 r == 0 > >>add -DSM_CONF_SHM=0 to confENVDEF in devtools/Site/site.config.m4 > >>and start over. > >>0 of 1 tests completed successfully > >>*** 1 error in test! *** > >>2..bad! t-shm.c:177 cnt <= MAX_CNT > >>add -DSM_CONF_SHM=0 to confENVDEF in devtools/Site/site.config.m4 > >>and start over. > >>4 of 5 tests completed successfully > >>*** 1 error in test! *** > > > > > >-- > >http://ache.pp.ru/ > > -- http://ache.pp.ru/