Date: Fri, 30 Apr 1999 17:55:27 +0200 (MET DST) From: "Pedro J. Lobo" <pjlobo@euitt.upm.es> To: freebsd-security@freebsd.org Subject: Re: Does mail.local need to be setuid-root? Message-ID: <Pine.OSF.4.05.9904301752480.17688-200000@haddock.euitt.upm.es> In-Reply-To: <Pine.OSF.4.05.9904301716240.17463-100000@haddock.euitt.upm.es>
next in thread | previous in thread | raw e-mail | index | archive | help
This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. --0-1143190565-925487727=:17688 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT On Fri, 30 Apr 1999, Pedro J. Lobo wrote: >I have looked at the mail.local code, and it does a seteuid(2) to the >recipient's UID. So, why does the system allow it to write over quota? > >I've written a small test program, and have found this: if you seteuid() >and open a file for writing, write() or fwrite() calls will fail (that is, >if the effective user is over quota). But, if you open the file, and call >seteuid() when the file is already open, then you can write as much data >as you want. As mail.local does this (first opens the user's mailbox, then >seteuid()'s), the quotas are ignored. > >I think this is a bug, and that quotas should be checked (and applied) >every time you call write() or fwrite() or whatever. Opinions? Just for the record, I have modified mail.local (patch attached) to have at least a temporary workaround. I have tested it on my server and it works. But, I feel that this is not a complete solution, and that the quota system is somewhat broken. Pedro. -- ------------------------------------------------------------------- Pedro José Lobo Perea Tel: +34 91 336 78 19 Centro de Cálculo Fax: +34 91 331 92 29 E.U.I.T. Telecomunicación e-mail: pjlobo@euitt.upm.es Universidad Politécnica de Madrid Ctra. de Valencia, Km. 7 E-28031 Madrid - España / Spain --0-1143190565-925487727=:17688 Content-Type: TEXT/PLAIN; charset=US-ASCII; name="mail.local.patch" Content-Transfer-Encoding: BASE64 Content-ID: <Pine.OSF.4.05.9904301755270.17688@haddock.euitt.upm.es> Content-Description: Content-Disposition: attachment; filename="mail.local.patch" KioqIGNvbnRyaWIvc2VuZG1haWwvbWFpbC5sb2NhbC9tYWlsLmxvY2FsLmMu b3JpZwlUdWUgSmFuIDEyIDEzOjM4OjAwIDE5OTkNCi0tLSBjb250cmliL3Nl bmRtYWlsL21haWwubG9jYWwvbWFpbC5sb2NhbC5jCUZyaSBBcHIgMzAgMTc6 NDg6MzEgMTk5OQ0KKioqKioqKioqKioqKioqDQoqKiogODAzLDgwOCAqKioq DQotLS0gODAzLDgxMCAtLS0tDQogIAkJCQlwdy0+cHdfdWlkLCBwdy0+cHdf Z2lkLCBuYW1lKTsNCiAgCQkJZ290byBlcnIxOw0KICAJCX0NCisgCQljbG9z ZShtYmZkKTsNCisgCQlnb3RvIHRyeWFnYWluOw0KICAJfSBlbHNlIGlmIChz Yi5zdF9ubGluayAhPSAxIHx8ICFTX0lTUkVHKHNiLnN0X21vZGUpKSB7DQog IAkJbWFpbGVycigiNTUwIDUuMi4wIiwgIiVzOiBpcnJlZ3VsYXIgZmlsZSIs IHBhdGgpOw0KICAJCWdvdG8gZXJyMDsNCioqKioqKioqKioqKioqKg0KKioq IDgxMiw4MTggKioqKg0KICAJCQkJcGF0aCwgc2Iuc3RfdWlkKTsNCiAgCQln b3RvIGVycjA7DQogIAl9IGVsc2Ugew0KISAJCW1iZmQgPSBvcGVuKHBhdGgs IE9fQVBQRU5EfE9fV1JPTkxZLCAwKTsNCiAgCX0NCiAgDQogIAlpZiAobWJm ZCA9PSAtMSkgew0KLS0tIDgxNCw4MzAgLS0tLQ0KICAJCQkJcGF0aCwgc2Iu c3RfdWlkKTsNCiAgCQlnb3RvIGVycjA7DQogIAl9IGVsc2Ugew0KISAJICBp ZiAoc2V0cmV1aWQoMCwgcHctPnB3X3VpZCkgPCAwKSB7DQohIAkgICAgbWFp bGVycigiNDUwIDQuMi4wIiwgInNldHJldWlkKDAsICVkKTogJXMgKHI9JWQs IGU9JWQpIiwNCiEgCQkgICAgcHctPnB3X3VpZCwgc3RyZXJyb3IoZXJybm8p LCBnZXR1aWQoKSwgZ2V0ZXVpZCgpKTsNCiEgCSAgICBnb3RvIGVycjE7DQoh IAkgIH0NCiEgCSAgbWJmZCA9IG9wZW4ocGF0aCwgT19BUFBFTkR8T19XUk9O TFksIDApOw0KISAJICBpZiAoc2V0cmV1aWQoMCwgMCkgPCAwKSB7DQohIAkg ICAgbWFpbGVycigiNDUwIDQuMi4wIiwgInNldHJldWlkKDAsICVkKTogJXMg KHI9JWQsIGU9JWQpIiwNCiEgCQkgICAgcHctPnB3X3VpZCwgc3RyZXJyb3Io ZXJybm8pLCBnZXR1aWQoKSwgZ2V0ZXVpZCgpKTsNCiEgCSAgICBnb3RvIGVy cjE7DQohIAkgIH0NCiAgCX0NCiAgDQogIAlpZiAobWJmZCA9PSAtMSkgew0K KioqKioqKioqKioqKioqDQoqKiogMTA4OCwxMDk2ICoqKioNCiAgI2lmZGVm IEVBR0FJTg0KICAJY2FzZSBFQUdBSU46CQkvKiBSZXNvdXJjZSB0ZW1wb3Jh cmlseSB1bmF2YWlsYWJsZSAqLw0KICAjZW5kaWYNCi0gI2lmZGVmIEVEUVVP VA0KLSAJY2FzZSBFRFFVT1Q6CQkvKiBEaXNjIHF1b3RhIGV4Y2VlZGVkICov DQotICNlbmRpZg0KICAjaWZkZWYgRUJVU1kNCiAgCWNhc2UgRUJVU1k6CQkv KiBEZXZpY2UgYnVzeSAqLw0KICAjZW5kaWYNCi0tLSAxMTAwLDExMDUgLS0t LQ0KKioqKioqKioqKioqKioqDQoqKiogMTE1OSwxMTY0ICoqKioNCi0tLSAx MTY4LDExNzYgLS0tLQ0KICAjZW5kaWYNCiAgCQlldmFsID0gRVhfVEVNUEZB SUw7DQogIAkJYnJlYWs7DQorICNpZmRlZiBFRFFVT1QNCisgCWNhc2UgRURR VU9UOgkJLyogRGlzYyBxdW90YSBleGNlZWRlZCAqLw0KKyAjZW5kaWYNCiAg CWRlZmF1bHQ6DQogIAkJZXZhbCA9IEVYX1VOQVZBSUxBQkxFOw0KICAJCWJy ZWFrOw0K --0-1143190565-925487727=:17688-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.OSF.4.05.9904301752480.17688-200000>