From owner-freebsd-bugs Thu Apr 4 1:11: 2 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 2C2ED37B423 for ; Thu, 4 Apr 2002 01:10:02 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g349A2B64997; Thu, 4 Apr 2002 01:10:02 -0800 (PST) (envelope-from gnats) Received: from axl.seasidesoftware.co.za (axl.seasidesoftware.co.za [196.31.7.201]) by hub.freebsd.org (Postfix) with ESMTP id BBE7837B417 for ; Thu, 4 Apr 2002 01:03:09 -0800 (PST) Received: from sheldonh (helo=axl.seasidesoftware.co.za) by axl.seasidesoftware.co.za with local-esmtp (Exim 3.33 #1) id 16t3Cb-0004vC-00 for FreeBSD-gnats-submit@freebsd.org; Thu, 04 Apr 2002 11:06:41 +0200 Message-Id: <18921.1017911201@axl.seasidesoftware.co.za> Date: Thu, 04 Apr 2002 11:06:41 +0200 From: Sheldon Hearn Reply-To: Sheldon Hearn To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.2 Subject: bin/36738: [PATCH] newsyslog ownership race condition Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 36738 >Category: bin >Synopsis: [PATCH] newsyslog ownership race condition >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Thu Apr 04 01:10:01 PST 2002 >Closed-Date: >Last-Modified: >Originator: Sheldon Hearn >Release: FreeBSD 5.0-CURRENT i386 >Organization: Seaside Software >Environment: All known versions of FreeBSD (problem existed in rev 1.1 of newsyslog.c). >Description: The newsyslog(8) configuration syntax allows for specification of the ownership of created files. However, files are created owned by the user running the program. Ownership is changed very soon after, but there is a brief period during which the ownership of the file does not match the specification provided in the configuration file. >How-To-Repeat: I hit this race condition frequently on a very busy MTA server, where MTA processes get "permission denied" trying to write to their log file just as it's being rotated by newsyslog(8). >Fix: The following patch solves the problem. OpenBSD have already addressed this problem in their rev 1.26 of newsyslog.c, but the scope of that patch is wider, so I include this simple fix in case nobody's up to grabbing OpenBSD's patch. If nobody steps up to the plate to incorporate the fix from OpenBSD, I'll apply my patch some time soon, say in two weeks. Let me know if you want to do this but need more than two weeks, so we can avoid stepping on each other's toes. Index: newsyslog.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/newsyslog/newsyslog.c,v retrieving revision 1.40 diff -u -d -r1.40 newsyslog.c --- newsyslog.c 2 Apr 2002 12:03:16 -0000 1.40 +++ newsyslog.c 4 Apr 2002 08:37:45 -0000 @@ -513,6 +513,7 @@ char file1[MAXPATHLEN], file2[MAXPATHLEN]; char zfile1[MAXPATHLEN], zfile2[MAXPATHLEN]; char jfile1[MAXPATHLEN]; + char tfile[MAXPATHLEN]; int notified, need_notification, fd, _numdays; struct stat st; pid_t pid; @@ -644,20 +645,28 @@ if (noaction) printf("Start new log..."); else { - fd = creat(log, perm); + strlcpy(tfile, log, sizeof(tfile)); + strlcat(tfile, ".XXXXXX", sizeof(tfile)); + mkstemp(tfile); + fd = creat(tfile, perm); if (fd < 0) err(1, "can't start new log"); if (fchown(fd, owner_uid, group_gid)) err(1, "can't chmod new log file"); (void) close(fd); if (!(flags & CE_BINARY)) - if (log_trim(log)) /* Add status message */ + if (log_trim(tfile)) /* Add status message */ err(1, "can't add status message to log"); } if (noaction) printf("chmod %o %s...\n", perm, log); - else - (void) chmod(log, perm); + else { + (void) chmod(tfile, perm); + if (rename(tfile, log) < 0) { + err(1, "can't start new log"); + (void) unlink(tfile); + } + } pid = 0; need_notification = notified = 0; >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message