Date: Mon, 4 Jan 2010 21:11:58 GMT From: Mike Jakubik <mike.jakubik@intertainservices.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/142327: [patch] Fix mail/mailscanner 4.79.4 Message-ID: <201001042111.o04LBwHp040361@www.freebsd.org> Resent-Message-ID: <201001042120.o04LK1NV007638@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 142327 >Category: ports >Synopsis: [patch] Fix mail/mailscanner 4.79.4 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Jan 04 21:20:00 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Mike Jakubik >Release: 8.0-STABLE >Organization: >Environment: >Description: This is a workaround to the continuous taint mode incompatibilities with this code. Since I have been unsuccessful at reaching the mailscanner community to address these, i created this work around instead. - This patch introduces a new rc variable called "mailscanner_user". If you changed the "Run As User" variable in MailScanner.conf (which triggers taint mode) you MUST now also set the same value in /etc/rc.conf. - Removed ulimit bump from startup script, since its now dynamically set at boot time based on system resources. >How-To-Repeat: >Fix: diff -urN mailscanner.orig/Makefile mailscanner/Makefile --- mailscanner.orig/Makefile 2010-01-04 15:19:40.000000000 -0500 +++ mailscanner/Makefile 2010-01-04 16:00:18.000000000 -0500 @@ -7,6 +7,7 @@ PORTNAME= MailScanner PORTVERSION= 4.79.4 +PORTREVISION= 1 CATEGORIES= mail MASTER_SITES= http://www.mailscanner.info/files/4/tar/ DISTNAME= ${PORTNAME}-install-${PORTVERSION}-${PATCHLEVEL} diff -urN mailscanner.orig/files/mailscanner.in mailscanner/files/mailscanner.in --- mailscanner.orig/files/mailscanner.in 2010-01-04 15:19:40.000000000 -0500 +++ mailscanner/files/mailscanner.in 2010-01-04 15:57:33.000000000 -0500 @@ -10,6 +10,7 @@ # Set it to "YES" to enable mailscanner # mailscanner_configfile (path): Set to "%%PREFIX%%/etc/MailScanner/MailScanner.conf" by default. # mailscanner_pidfile (path): Set to "/var/run/MailScanner.pid" by default. +# mailscanner_user (str): Set to "root" by default. If you changed the "Run As User" variable in MailScanner.conf you MUST also set the same value here. # . %%RC_SUBR%% @@ -22,22 +23,20 @@ : ${mailscanner_enable="NO"} : ${mailscanner_configfile="%%PREFIX%%/etc/MailScanner/MailScanner.conf"} : ${mailscanner_pidfile="/var/run/MailScanner.pid"} +: ${mailscanner_user="root"} command="%%PREFIX%%/sbin/mailscanner" pidfile=${mailscanner_pidfile} command_args="${mailscanner_configfile}" +procname="MailScanner" required_files="${mailscanner_configfile}" -_ms_start_precmd() { - # Quietly try to raise the open_files limit - # - ulimit -n 2000 >/dev/null 2>&1 -} - -start_precmd=_ms_start_precmd +start_cmd="mailscanner_start" -procname="MailScanner" +mailscanner_start() { + su -m ${mailscanner_user} -c "exec ${command} ${command_args}" +} run_rc_command "$1" diff -urN mailscanner.orig/files/pkg-message.in mailscanner/files/pkg-message.in --- mailscanner.orig/files/pkg-message.in 2010-01-04 15:19:40.000000000 -0500 +++ mailscanner/files/pkg-message.in 2010-01-04 15:41:35.000000000 -0500 @@ -38,7 +38,19 @@ Sophos users: Please take a look at the Sophos install script %%PREFIX%%/share/doc/MailScanner/Sophos.install.freebsd - Please also always look at the port changelog at - %%PREFIX%%/share/doc/MailScanner/CHANGES.port + + ***************************************************************** + A new rc variable called mailscanner_user has been added to the + startup script. This is a temporary workaround to address the + numerous taint mode problems that are still present in the code. + + If you changed the "Run As User" variable in MailScanner.conf + you MUST also set the same value in /etc/rc.conf. + + i.e. mailscanner_user="postfix" + + The new variable uses su to start the master perl script as the + specified user, this effectively disables perl's taint mode. + ***************************************************************** ************************************************************************* >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201001042111.o04LBwHp040361>