ports/172189: milter-regex startup script needs to permit run-as user

David Wolfskill david at catwhisker.org
Sun Sep 30 18:30:04 UTC 2012 

>Number:         172189
>Category:       ports
>Synopsis:       milter-regex startup script needs to permit run-as user
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Sep 30 18:30:03 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     David Wolfskill
>Release:        FreeBSD 9.1-PRERELEASE i386
>Organization:
Wolfskill & Dowling Residence
>Environment:
System: FreeBSD janus.catwhisker.org 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #374 241067M: Sun Sep 30 05:08:36 PDT 2012     root at freebeast.catwhisker.org:/usr/obj/usr/src/sys/JANUS  i386

>Description:
	This is regarding the mail/milter-regex port.

	milter-regex(8) includes "... [-u user]" among the command line
	arguments with which it may be started, and goes on to state:
	...
	-u user    Run as the specified user instead of the default,
		   _milter-regex.  When milter-regex is started as
		   root, it calls setuid(2) to drop privileges.
		   The non-privileged user should have read access
		   to the configuration file and read-write access
		   to the pipe.
	...

	We have 2 possibilities of interest: milterregex_flags specifies
	"-u ..." or it doesn't.

	If it doesn't (default case, as the variable is empty by default),

	Regardless of anything specified for milter-regex rc
	variables, milter-regex is started as sendmail's default
	user, which is "mailnull" (unless specified otherwise via
	sendmail configuration).  This is at variance with the
	documentation for milter-regex (cited above), which claims
	that "_milter-regex" is what would be used for this purpose.

	And the "spooldir" is created by the sendmail default user
	(e.g., mailnull), so unless milter-regex is also running
	as (e.g., mailnull), the process will be unable to create
	its pidfile, so it will fail to start.

	One may try specifying "-u user" in milterregex_flags, but
	the startup script has no ability to change ownership of
	$spooldir to the specified user.  (And doing so via that
	mechanism would require that the script learn how to parse
	the milterregex_flags, which doesn't seem very reasonable
	to me.)  So that doesn't help much.

>How-To-Repeat:
        Configure sendmail to have "mailnull" as its default user, install
	the milter-regex port, and try to get it to run.

>Fix:
	The below patch is how I made it work for me.

	I created a new rc variable, milterregex_user (to avoid the
	parsing issue), then added a line to the script to force
	ownership of the $spooldir to the specified user.

	I set it up to (still) default to mailnull, but I did that
	before I figured out that milter-regex starting as mailnull
	was an artifact of the sendmail configuration.  Perhaps
	that ought to be changed to "_milter-regex" (to agree with
	milter-regex(8)).

	It works for me; YMMV. :-}


--- milterregex	2012/09/30 17:05:07	1.1
+++ milterregex	2012/09/30 17:45:41
@@ -19,6 +19,7 @@
 # DO NOT CHANGE THESE DEFAULT VALUES HERE
 #
 # milterregex_flags Flags to milter-regex program
+# milterregex_user User who runs milter-regex program
 
 [ -z "$milterregex_enable" ] && milterregex_enable="NO"	# Enable milter-regex
 
@@ -36,4 +37,5 @@
 }
 
 load_rc_config $name
+chown ${milterregex_user:-mailnull} $spooldir
 run_rc_command "$1"

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list