From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.comp.sysutils.supervision.general/738 Path: news.gmane.org!not-for-mail From: "George Georgalis" Newsgroups: gmane.comp.sysutils.supervision.general,gmane.linux.kernel,gmane.text.xml.cocoon.user,gmane.comp.misc.pape.general Subject: Re: a problem with linux 2.6.11 and sa Date: Tue, 8 Mar 2005 11:58:14 -0500 Message-ID: <20050308165814.GA1936@ixeon.local> References: <20050303214023.GD1251@ixeon.local> <6.2.1.2.0.20050303165334.038f32a0@192.168.50.2> <20050303224616.GA1428@ixeon.local> <871xaqb6o0.fsf@amaterasu.srvr.nix> NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1110301508 30655 80.91.229.2 (8 Mar 2005 17:05:08 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Tue, 8 Mar 2005 17:05:08 +0000 (UTC) Cc: linux-kernel@vger.kernel.org, users@spamassassin.apache.org, misc@list.smarden.org, supervision@list.skarnet.org Original-X-From: supervision-return-977-gcsg-supervision=m.gmane.org@list.skarnet.org Tue Mar 08 18:05:08 2005 Original-Received: from antah.skarnet.org ([212.85.147.14] ident=qmailr) by ciao.gmane.org with smtp (Exim 4.43) id 1D8i28-0000aC-JI for gcsg-supervision@gmane.org; Tue, 08 Mar 2005 17:58:13 +0100 Original-Received: (qmail 3938 invoked by uid 76); 8 Mar 2005 16:58:39 -0000 Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Archive: Original-Received: (qmail 3933 invoked from network); 8 Mar 2005 16:58:39 -0000 Mail-Followup-To: linux-kernel@vger.kernel.org, users@spamassassin.apache.org, misc@list.smarden.org, supervision@list.skarnet.org, nix@esperi.org.uk, mkettler@evi-inc.com Original-To: Nix , Matt Kettler Content-Disposition: inline In-Reply-To: <871xaqb6o0.fsf@amaterasu.srvr.nix> X-MailScanner-To: gcsg-supervision@gmane.org Xref: news.gmane.org gmane.comp.sysutils.supervision.general:738 gmane.linux.kernel:285275 gmane.text.xml.cocoon.user:47037 gmane.comp.misc.pape.general:945 X-Report-Spam: http://spam.gmane.org/gmane.comp.sysutils.supervision.general:738 On Tue, Mar 08, 2005 at 01:37:03PM +0000, Nix wrote: >On Thu, 3 Mar 2005, George Georgalis uttered the following: >> I recall a problem a while back with a pipe from >> /proc/kmsg that was sent by root to a program with a >> user uid. The fix was to run the logging program as >> root. Has that protected pipe method been extended >> since 2.6.8.1? > >The entire implementation of pipes has been radically revised between >2.6.10 and 2.6.11: see, e.g., and >. > >Bugs have been spotted in this area in 2.6.10: this may be >another one. Thanks, my issue is clearly between 2.6.10 and 2.6.11; though I won't be able to drill down anything more specific, for a while. The links do look relevant but I cannot say for sure. Here's what I'm doing that is broken. I use tcpserver (functionally similar to inetd) to receive an incoming smtp connection. While the smtp session is still open, the message is piped to a temp file which is then scanned for spam, if it passes the temp file is piped to my local delivery program. If it doesn't pass the spam test or the delivery program fails (disk full etc), the respective error code, if any, is passed to tcpserver. The corresponding accepted, temporary reject or permanently reject signal is passed to the remote sender. The temp file is then removed or, for spam, it is cataloged for statistics and/or abuse reporting. An additional copy is kept in a traditional maildir to check for false positives. #!/bin/bash # exit 31 = permanently refuse # exit 71 = temporarily refuse # pwd is /var/qmail echo $0 # for the logs scq="spamc-queue" # a maildir with qmaild write perms tmp="${scq}/`safecat "${scq}/tmp" "${scq}" >$sipd/date # keep track of when they came maildir "${sipd}" >/dev/null <"$tmp" # keep a copy for reporting maildir "${scq}" >/dev/null <"$tmp" # save it to verify no falseys rm "$tmp" exit 31 ;; *) # spamc error, echo "$0 error, spamc exit $sce" exit 71 esac exit 81 # Internal bug >If you can reproduce it consistently, *please* report >this to the linux-kernel list! I did, but have had no response to my followup: Date: Fri, 4 Mar 2005 15:58:43 -0500 Subject: Re: problem with linux 2.6.11 and sa >(I don't see what you mean by `a pipe rom /proc/kmsg', though: >pipes connect processes, not files. File redirections are >quite different and should work unchanged in 2.6.11.) An interesting technique that allows a program (such as a log writer) to run as an unprivileged user, while receiving privileged data. (taken almost verbatim from Gerrit Pape's socklog) #!/bin/sh exec &1 exec softlimit -m 2000000 setuidgid nobody socklog ucspi This script, run by root takes its stdin from /proc/kmsg then combines its stdout and stderr, and exec-switches to the socklog program run as an ucspi application listening to the domain stream socket, as nobody:nogroup, with memory consumption limited to 2Mb. (and sends log to stdout) It worked flawlessly until several kernel revs back when the kernel started protecting kmsg and wouldn't allow the user program to receive it, result: nothing sent to the logging program and no error. The fix was to run socklog as root instead of nobody. // George -- George Georgalis, systems architect, administrator Linux BSD IXOYE http://galis.org/george/ cell:646-331-2027 mailto:george@galis.org