From owner-freebsd-bugs Sat Mar 30 10:10:10 1996 Return-Path: owner-bugs Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id KAA22563 for bugs-outgoing; Sat, 30 Mar 1996 10:10:10 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id KAA22545 Sat, 30 Mar 1996 10:10:06 -0800 (PST) Resent-Date: Sat, 30 Mar 1996 10:10:06 -0800 (PST) Resent-Message-Id: <199603301810.KAA22545@freefall.freebsd.org> Resent-From: gnats (GNATS Management) Resent-To: freebsd-bugs Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, henrich@crh.cl.msu.edu Received: from crh.cl.msu.edu (crh.cl.msu.edu [35.8.1.24]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id KAA22163 for ; Sat, 30 Mar 1996 10:06:30 -0800 (PST) Received: (from henrich@localhost) by crh.cl.msu.edu (8.6.12/8.6.12) id NAA00616; Sat, 30 Mar 1996 13:06:22 -0500 Message-Id: <199603301806.NAA00616@crh.cl.msu.edu> Date: Sat, 30 Mar 1996 13:06:22 -0500 From: henrich@crh.cl.msu.edu Reply-To: henrich@crh.cl.msu.edu To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: bin/1111: mail.local bug (quota) Sender: owner-bugs@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >Number: 1111 >Category: bin >Synopsis: mail.local will happily deliver mail to a quota'd filesystem >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Mar 30 10:10:03 PST 1996 >Last-Modified: >Originator: Charles Henrich >Organization: Charles Henrich Michigan State University henrich@msu.edu http://pilot.msu.edu/~henrich >Release: FreeBSD 2.1-STABLE i386 >Environment: FreeBSD 2.1 (probably all BSD-4.4 derivitives). >Description: /usr/libexec/mail.local runs as root. As such is can fill up a mailbox on a quota'd filesystem, and keep going... Makes quota's almost useless in an ISP environment. >How-To-Repeat: send a mail message.. >Fix: Here's a patch to mail.local (tested, it works) to cause mail.local to become the user before delivery is attempted, which will fail for overquota. One note needs to be said about QUOTA's and mail, when one enables quota on a mail system sendmail must run a mail.local for each message (e.g. no lower m in the args F= in Mprog in sendmail.cf). If sendmail attempts multiple recipient delivery, and any recipient is over quota, the mail will be requeued for delivery again later. Unfortunatly everyone else who was delivered to at the same time, without error, will keep getting copies of the message until the entire delivery attempt was a success. This is an inherent flaw in mail.local, and not a result of this patch. *** mail.local.orig.c Sat Mar 30 12:59:43 1996 --- /tmp/mail.local.c Sat Mar 30 12:58:11 1996 *************** *** 199 **** --- 200 ---- + uid_t saveeuid; *************** *** 234 **** --- 236,237 ---- + + saveeuid=geteuid(); *************** *** 235 **** --- 239 ---- + *************** *** 246 **** --- 251,259 ---- + + /* Now that the box is created and permissions are correct, we + close it and go back to the top so that we will come in + and write as the user. We dont seteuid() before the above + open, because we have to be root/bin to write in var/mail */ + + close(mbfd); + goto tryagain; + *************** *** 251 **** --- 265,272 ---- + + /* Become the user, so quota enforcement will occur */ + + if(seteuid(pw->pw_uid) != 0) { + warn("Unable to setuid()"); + return; + } + *************** *** 258 **** --- 280 ---- + seteuid(saveeuid); *************** *** 265 **** --- 288,289 ---- + seteuid(saveeuid); + *************** *** 285 **** --- 310 ---- + *************** *** 304 **** --- 330 ---- + seteuid(saveeuid); *************** *** 311 **** --- 338 ---- + seteuid(saveeuid); *************** *** 313 **** --- 341,342 ---- + + seteuid(saveeuid); >Audit-Trail: >Unformatted: