4022 – spamd respawns not with setuid() to user given with -u

Bug 4022 - spamd respawns not with setuid() to user given with -u

Summary: spamd respawns not with setuid() to user given with -u

Status:	RESOLVED FIXED

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	spamc/spamd (show other bugs)
Version:	3.0.1
Hardware:	PC FreeBSD

Importance:	P5 major
Target Milestone:	Undefined
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:	triage

Depends on:
Blocks:

Reported:	2004-12-08 09:49 UTC by Michael Ranner
Modified:	2005-05-10 11:48 UTC (History)
CC List:	1 user (show)

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Ranner 2004-12-08 09:49:54 UTC

spamd started with: -c -d -u cyrus

cyrus   22889 65.6 18.9 51740 48676  ??  Ss    6:48PM   0:12.18
/usr/local/bin/spamd -c -d -u cyrus -r /var/run/spamd/spamd.
cyrus   22924  0.0 18.9 51740 48672  ??  S     6:48PM   0:00.01 spamd child (perl)
cyrus   22923  0.0 18.9 51740 48672  ??  S     6:48PM   0:00.01 spamd child (perl)
cyrus   22922  0.0 18.9 51740 48672  ??  S     6:48PM   0:00.01 spamd child (perl)
cyrus   22921  0.0 18.9 51740 48672  ??  S     6:48PM   0:00.01 spamd child (perl)

looks after processing max connections per child like this (childs running as
root instead cyrus):

root    99077  0.0 11.7 56356 30136  ??  I    11:45AM   3:56.01 spamd child (perl)
root    99076  0.0 17.8 80508 45836  ??  I    11:45AM   2:49.40 spamd child (perl)
root    99075  0.0 15.5 55560 39840  ??  I    11:45AM   0:18.12 spamd child (perl)
root    99074  0.0 15.4 56240 39636  ??  I    11:45AM   0:19.78 spamd child (perl)
cyrus   98999  0.0  5.6 51740 14304  ??  Is   11:45AM   0:12.21
/usr/local/bin/spamd -c -d -u cyrus

Comment 1 Theo Van Dinter 2004-12-08 09:56:59 UTC

Subject: Re:  New: spamd respawns not with setuid() to user given with -u

On Wed, Dec 08, 2004 at 09:49:55AM -0800, bugzilla-daemon@bugzilla.spamassassin.org wrote:
> spamd started with: -c -d -u cyrus
> cyrus   22889 65.6 18.9 51740 48676  ??  Ss    6:48PM   0:12.18
> /usr/local/bin/spamd -c -d -u cyrus -r /var/run/spamd/spamd.
> 
> looks after processing max connections per child like this (childs running as
> root instead cyrus):
> cyrus   98999  0.0  5.6 51740 14304  ??  Is   11:45AM   0:12.21
> /usr/local/bin/spamd -c -d -u cyrus

The first issue is that the parent PID has changed, so you're not running
the same spamd.  They even have different commandline options (no -r on
the second one).

Comment 2 Michael Ranner 2004-12-09 00:46:44 UTC

Im not as dumb to know that. I tried to submit a simple example, 
commandline parameters are cut off by terminal window. The next 
few lines shows you the same parent process (22889) as yesterday 
I restarted it. I have max. conn. per chield set to 16 to reproduce 
it faster: 
  
root     60146  0.0 11.8 55124 30488  ??  I     6:06AM   0:31.92 spamd child 
(perl) 
root     60024  0.0 15.7 61344 40432  ??  I     6:05AM   0:43.93 spamd child 
(perl) 
root     60023  0.0 15.6 55740 40144  ??  I     6:05AM   0:48.92 spamd child 
(perl) 
root     59993  0.0 18.7 65436 48088  ??  I     6:05AM   0:50.89 spamd child 
(perl) 
cyrus    22889  0.0  0.5 51740 1320  ??  Is    6:48PM   
0:12.40 /usr/local/bin/spamd -c -d -u cyrus -r /var/run

Comment 3 Helge Oldach 2004-12-14 03:24:21 UTC

I think this is similar to bug #3897. See there for a patch.

Comment 4 Michael Ranner 2004-12-14 06:25:34 UTC

Yes it sounds similar. But I am running spamd as cyrus and start spamc only and 
explicit as user cyrus (by postfix) and root never connects to spamd.It's not 
only a problem of changing back to correct user after processing, because it 
should run as user invoking spamc.

Comment 5 Helge Oldach 2004-12-14 11:06:05 UTC

Correct me if I'm wrong:

If you start spamd with "-u user" it will *always* run as "user", regardless of 
the actual user that comes from spamc. From the manpage: "If this option is not 
set, the default behaviour is to setuid() to the user running "spamc", if 
"spamd" is running as root." (Note the magic word "not".)

Hence you are forcing spamd to always run as "cyrus", and you observe is that it 
doesn't setuid to "cyrus" after child re-spawn. This is exactly what bug #3897 
is about.

Can you please try the patch in that bug?

Comment 6 Bob Menschel 2005-04-28 22:06:32 UTC

Michael -- any results from trying the bug 3897 patch?

Comment 7 Justin Mason 2005-05-10 19:48:13 UTC

should be fixed by bug 3897 or bug 3900.