mqueue file permissions

Julian Field mailscanner at ecs.soton.ac.uk
Wed Jan 29 21:58:25 GMT 2003


As they might be changing the umask every time, I have moved the umask
setting to much lower-level code, so that it gets done before every open
file + lock it.

--- /usr/lib/MailScanner/MailScanner/Lock.pm      Sun Nov 24 12:06:15 2002
+++ Lock.pm     Wed Jan 29 23:08:20 2003
@@ -348,6 +348,9 @@
      defined $rw or $rw = ((substr($fn,0,1) eq '>')?"w":"r");
      $rw =~ /^[rs]/i or $rw = 'w';

+    # Set umask every time as SpamAssassin might have reset it
+    umask 0077;
+
      unless (open($fh, $fn)) {
         MailScanner::Log::InfoLog("Could not open file $fn: %s", $!)
            unless $quiet;

See if that does the job.

At 21:37 29/01/2003, you wrote:
>Adding umask above didn't fix.  I checked the change log on SA and the
>only entry that mentions umask is
>
>2003-01-19 04:25  felicity
>
>         * lib/Mail/SpamAssassin/: BayesStore.pm, Conf.pm,
>         DBBasedAddrList.pm, NoMailAudit.pm, PerMsgStatus.pm, Util.pm:
>Put
>         umask around any open or tie commands.  This will 1) let the
>*_mode
>         options work as expected, and 2) keep some of our temp files
>more
>         secure.
>
>If I grep thru all the pm files I see some umasks set to 0 and some 077.
>The 077's are in their BayeStore.pm, NoMailAudit.pm and a UnixLocker.pm
>
>
>So it looks like they are changing it.  What a pain!
>
>-----Original Message-----
>From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
>Sent: Wednesday, January 29, 2003 3:46 PM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: mqueue file permissions
>
>
>At 20:41 29/01/2003, you wrote:
> >Weird... I just started having the exact same problem today at 12:50pm
> >EST.  Only change made was updating SA to the latest CVS of 2.50.  Last
>
> >update was about 4 weeks ago.
>
>Fancy checking there are no "umask" calls in the SA code that weren't
>there before? The actual spam checking is done in a forked process, so
>umask calls in there won't have any effect. But if they have umask calls
>in places they shouldn't, it might be possible that they execute one in
>the main MS thread. If that is the case, I'm going to have to move the
>umask call again.
>
>Is my suggested earlier change working okay? (Adding "umask 0077;" near
>the top of WorkForHours() in the main /usr/sbin/MailScanner script).
>
> >-----Original Message-----
> >From: Brian Peterson [mailto:brian at KAOSTECH.COM]
> >Sent: Wednesday, January 29, 2003 12:46 PM
> >To: MAILSCANNER at JISCMAIL.AC.UK
> >Subject: mqueue file permissions
> >
> >
> >I've been seeing problems with the mqueue qf file modes when
> >SpamAssassin is enabled, I've used both SpamAssassin 2.43 and 2.50.
> >The qf files are being delivered to the mqueue directory mode 664
> >instead of 600 which sendmail then complains about bogus uid even
> >though it's the permission.  Has anyone seen this before?
> >
> >Jan 29 09:34:34 alpha sendmail[7657]: h0THY4D07651: bogus queue file,
> >uid=0, mode=100664 Jan 29 09:34:34 alpha sendmail[7657]: h0THY4D07651:
> >Losing ./qfh0THY4D07651: bogus file uid in mqueue
> >
> >-rw-------    1 root     root            7 Jan 29 09:34 dfh0THY4D07651
> >-rw-rw-r--    1 root     root          894 Jan 29 09:34 Qfh0THY4D07651
> >
> >
> >
> >Brian Peterson
> >mailto:kaos at kaostech.com
>
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support



More information about the MailScanner mailing list