Date: Fri, 30 Apr 1999 17:55:27 +0200 (MET DST)
From: "Pedro J. Lobo" <pjlobo@euitt.upm.es>
To: freebsd-security@freebsd.org
Subject: Re: Does mail.local need to be setuid-root?
Message-ID: <Pine.OSF.4.05.9904301752480.17688-200000@haddock.euitt.upm.es>
In-Reply-To: <Pine.OSF.4.05.9904301716240.17463-100000@haddock.euitt.upm.es>
[-- Attachment #1 --]
On Fri, 30 Apr 1999, Pedro J. Lobo wrote:
>I have looked at the mail.local code, and it does a seteuid(2) to the
>recipient's UID. So, why does the system allow it to write over quota?
>
>I've written a small test program, and have found this: if you seteuid()
>and open a file for writing, write() or fwrite() calls will fail (that is,
>if the effective user is over quota). But, if you open the file, and call
>seteuid() when the file is already open, then you can write as much data
>as you want. As mail.local does this (first opens the user's mailbox, then
>seteuid()'s), the quotas are ignored.
>
>I think this is a bug, and that quotas should be checked (and applied)
>every time you call write() or fwrite() or whatever. Opinions?
Just for the record, I have modified mail.local (patch attached) to have
at least a temporary workaround. I have tested it on my server and it
works. But, I feel that this is not a complete solution, and that the
quota system is somewhat broken.
Pedro.
--
-------------------------------------------------------------------
Pedro José Lobo Perea Tel: +34 91 336 78 19
Centro de Cálculo Fax: +34 91 331 92 29
E.U.I.T. Telecomunicación e-mail: pjlobo@euitt.upm.es
Universidad Politécnica de Madrid
Ctra. de Valencia, Km. 7 E-28031 Madrid - España / Spain
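The ordering the message above describes (switch to the recipient's UID first, then open the mailbox, then switch back) can be written as one stand-alone helper. This is an added example, not code from the message or from mail.local. Assumptions: `open_as_uid` is a hypothetical name, it uses seteuid() rather than the patch's setreuid(), and the constructed sample in main() passes the caller's own UID so it runs without root.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * open_as_uid() is a hypothetical helper, not a mail.local function.
 * It opens path while the effective UID is uid, then restores the
 * previous effective UID. Returns the descriptor, or -1 with errno set.
 */
int open_as_uid(const char *path, int flags, uid_t uid)
{
    uid_t saved = geteuid();
    int fd, saved_errno;

    /* Switch before open() so the descriptor is created as the recipient. */
    if (seteuid(uid) < 0)
        return -1;
    fd = open(path, flags, 0);
    saved_errno = errno;            /* seteuid() below may overwrite errno */

    /* A failed restore is fatal for the caller: do not hand back the fd. */
    if (seteuid(saved) < 0) {
        saved_errno = errno;
        if (fd >= 0)
            close(fd);
        fd = -1;
    }
    if (fd < 0)
        errno = saved_errno;
    return fd;
}

int main(void)
{
    /* Constructed sample: a scratch file stands in for the mailbox. */
    char path[] = "/tmp/mbox_example_XXXXXX";
    int tmp = mkstemp(path), fd;
    if (tmp < 0)
        return 1;
    close(tmp);
    fd = open_as_uid(path, O_APPEND | O_WRONLY, geteuid());
    if (fd >= 0)
        close(fd);
    unlink(path);
    return fd < 0;
}
```

Switching to a UID other than the caller's own requires the process to be running as root, as a setuid-root mail.local would be.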
[-- Attachment #2 --]
*** contrib/sendmail/mail.local/mail.local.c.orig Tue Jan 12 13:38:00 1999
--- contrib/sendmail/mail.local/mail.local.c Fri Apr 30 17:48:31 1999
***************
*** 803,808 ****
--- 803,810 ----
pw->pw_uid, pw->pw_gid, name);
goto err1;
}
+ close(mbfd);
+ goto tryagain;
} else if (sb.st_nlink != 1 || !S_ISREG(sb.st_mode)) {
mailerr("550 5.2.0", "%s: irregular file", path);
goto err0;
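Review bot: The added `close(mbfd); goto tryagain;` jumps back unconditionally, with no retry limit visible in the hunk and no comment saying why a descriptor that was just opened is thrown away. Add a short comment giving the reason for the reopen, reset mbfd to -1 after the close, and bound the number of trips through tryagain so a mailbox that keeps changing between attempts cannot keep the process looping.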
***************
*** 812,818 ****
path, sb.st_uid);
goto err0;
} else {
! mbfd = open(path, O_APPEND|O_WRONLY, 0);
}
if (mbfd == -1) {
--- 814,830 ----
path, sb.st_uid);
goto err0;
} else {
! if (setreuid(0, pw->pw_uid) < 0) {
! mailerr("450 4.2.0", "setreuid(0, %d): %s (r=%d, e=%d)",
! pw->pw_uid, strerror(errno), getuid(), geteuid());
! goto err1;
! }
! mbfd = open(path, O_APPEND|O_WRONLY, 0);
! if (setreuid(0, 0) < 0) {
! mailerr("450 4.2.0", "setreuid(0, %d): %s (r=%d, e=%d)",
! pw->pw_uid, strerror(errno), getuid(), geteuid());
! goto err1;
! }
}
if (mbfd == -1) {
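Review bot: The second mailerr() call, on the `setreuid(0, 0)` failure path, still prints "setreuid(0, %d)" with pw->pw_uid, so the log would name the wrong call; it should report setreuid(0, 0). On that same path mbfd may already be open when control goes to err1, and the `if (mbfd == -1)` test that follows now runs after a second setreuid(), so save errno right after open() and close mbfd before the goto. The uid values are also passed to %d without a cast.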
***************
*** 1088,1096 ****
#ifdef EAGAIN
case EAGAIN: /* Resource temporarily unavailable */
#endif
- #ifdef EDQUOT
- case EDQUOT: /* Disc quota exceeded */
- #endif
#ifdef EBUSY
case EBUSY: /* Device busy */
#endif
--- 1100,1105 ----
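Review bot: EDQUOT is dropped from the case list that holds EAGAIN and EBUSY with no comment left behind, so a reader of this switch cannot tell that quota errors are deliberately excluded. Leave a one-line comment here saying where EDQUOT is handled and why it is no longer grouped with these errors.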
***************
*** 1159,1164 ****
--- 1168,1176 ----
#endif
eval = EX_TEMPFAIL;
break;
+ #ifdef EDQUOT
+ case EDQUOT: /* Disc quota exceeded */
+ #endif
default:
eval = EX_UNAVAILABLE;
break;
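Review bot: Placing `case EDQUOT:` directly above `default:` makes it fall through to `eval = EX_UNAVAILABLE`, which default would already give, so the label is documentation only; it also means an over-quota delivery is no longer treated like the EX_TEMPFAIL group above it. State in a comment that the permanent failure is intended, or keep EDQUOT with the temporary errors if over-quota mail should stay queued.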
