Date:      Sun, 23 Mar 1997 15:35:19 +0100
From:      j@uriah.heep.sax.de (J Wunsch)
To:        dv@kis.ru (Dmitry Valdov)
Cc:        freebsd-bugs@freebsd.org, peter@spinner.DIALix.COM (Peter Wemm), security-officer@freebsd.org
Subject:   Re: sendmail can't create PID file because of owner permission of /var/run
Message-ID:  <19970323153519.BW27841@uriah.heep.sax.de>
In-Reply-To: <Pine.BSF.3.95q.970323165210.2884A-100000@xkis.kis.ru>; from Dmitry Valdov on Mar 23, 1997 16:56:31 +0300
References:  <Pine.BSF.3.95q.970323165210.2884A-100000@xkis.kis.ru>

As Dmitry Valdov wrote:

> sendmail doesn't create sendmail.pid file
> if /var/run directory owned by other than root. Default owner of /var/run in
> 2.2R is 'bin'. The problem appears in 2.1.5R too.
> sendmail version is 8.8.5
> 
> Workaround:
> chown root:bin /var/run

safefile() in sendmail/src/util.c goes to great lengths to ensure files
are only attempted to be opened if the permissions of the directory
allow this.  Anyway, it looks as if it requires any directory to be
world-writeable if the directory is not owned by the owner of the
requesting process -- even if the owner is root.  I'm not sure
whether this is a bug or a feature.  The following diff fixes this,
but I'm not 100% sure whether this fix is right or not.

cvs diff: Diffing /usr/src/usr.sbin/sendmail/src
Index: /usr/src/usr.sbin/sendmail/src/util.c
===================================================================
RCS file: /home/cvs/src/usr.sbin/sendmail/src/util.c,v
retrieving revision 1.12
diff -u -u -r1.12 util.c
--- util.c	1997/01/27 07:43:29	1.12
+++ util.c	1997/03/23 14:28:49
@@ -627,7 +627,7 @@
 		if (stat(fn, &stbuf) >= 0)
 		{
 			int md = S_IWRITE|S_IEXEC;
-			if (stbuf.st_uid != uid)
+			if (uid != 0 && stbuf.st_uid != uid)
 				md >>= 6;
 			if ((stbuf.st_mode & md) != md)
 				errno = EACCES;
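
Review bot: in the changed condition `if (uid != 0 && stbuf.st_uid != uid)`, a root caller now skips `md >>= 6`, so the following `(stbuf.st_mode & md) != md` test checks the owner's write and search bits of a directory that root does not own. That passes for a directory that is owned and writable by another account (the 'bin'-owned /var/run from the report), and that account can still rename or remove whatever root creates there. If the exemption is intended, a comment next to the condition saying why uid 0 is trusted here would help; otherwise consider skipping the shift for root only when `stbuf.st_uid` is an owner the caller trusts, rather than for any owner.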


-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
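
The directory test discussed in the message above, evaluated before and after the proposed change for a few directory owners and modes. This is an added example, not part of the original message or of sendmail; it models only the lines visible in the diff. The function name `dir_check`, the `patched` flag and the uid values (3 standing in for 'bin', 1001 for an ordinary user) are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Model of the directory test in the diff (hypothetical helper, not
 * sendmail code). Returns 0 if the directory passes, EACCES otherwise.
 * `patched` selects the condition from the '+' line instead of the '-' line. */
static int dir_check(uid_t dir_owner, mode_t dir_mode, uid_t uid, int patched)
{
    /* S_IWUSR|S_IXUSR has the same value as S_IWRITE|S_IEXEC in util.c */
    mode_t md = S_IWUSR | S_IXUSR;

    if (patched ? (uid != 0 && dir_owner != uid) : (dir_owner != uid))
        md >>= 6;   /* owner bits 0300 become the "other" bits 0003 */
    return ((dir_mode & md) != md) ? EACCES : 0;
}

struct dir_case { const char *what; uid_t owner; mode_t mode; uid_t uid; };

/* Constructed cases: uid 3 stands in for 'bin', 1001 for an ordinary user. */
static const struct dir_case cases[] = {
    { "root-owned 0755, caller root", 0, 0755,  0 },
    { "bin-owned  0755, caller root", 3, 0755,  0 },   /* the reported case */
    { "bin-owned  1777, caller root", 3, 01777, 0 },
    { "bin-owned  0755, caller 1001", 3, 0755,  1001 },
    { "bin-owned  0555, caller root", 3, 0555,  0 },
};

int main(void)
{
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        const struct dir_case *c = &cases[i];
        printf("%-30s before=%-6s after=%s\n", c->what,
               dir_check(c->owner, c->mode, c->uid, 0) ? "EACCES" : "ok",
               dir_check(c->owner, c->mode, c->uid, 1) ? "EACCES" : "ok");
    }
    return 0;
}
```

Only the second case changes result with the patch: a 'bin'-owned 0755 directory is refused for root before and accepted after, while non-root callers and directories lacking the owner write bit are still refused.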


