Hosting Provided By

Re: unable to run sa-learn utility as non-root user

From: Srilatha <srilatha(at)intoto.com>
Date: Wed Oct 03 2007 - 08:58:31 EDT

Hi,

Even though we run the utility as root, we can specify any user name with option '-u'.

Even though we specify a valid user name, it is not running in the given user context.

When i did code walk through of sa-learn code, it is observed that there is no code in sa-learn utility to set user id of sa-learn process to the given user's

When i copied the following code from spamd and added to sa-learn, it is working fine

# support non-root use
if ( $opt{'username'} ) {

       my ( $uuid, $ugid ) = ( getpwnam( $opt{'username'} ) )[ 2, 3 ];
       if ( !defined $uuid || $uuid == 0 ) {
         die "spamd: cannot run as nonexistent user\n";
       }
       # Change GID
       $) = "$ugid $ugid";    # effective gid
       $( = $ugid;            # real gid

       # Change UID

       $> = $uuid;            # effective uid

       $< = $uuid;            # real uid. we now cannot setuid anymore

       # bug 3900: BSD perl bug. see comment in setuid_to_euid() in
       # Mail::SA::Util on the same issue.
       if ($< != $uuid) {
         dbg("spamd: initial attempt to change real uid failed,

trying BSD workaround");

         $> = $<;              # revert euid to ruid
         $< = $uuid;           # change ruid to target
         $> = $uuid;           # change euid back to target
       }

       if ( $> != $uuid and $> != ( $uuid - 2**32 ) ) {
         die "spamd: setuid to uid $uuid failed\n";
       }
     }

regards,
Srilatha

At 05:46 PM 10/3/2007, Matus UHLAR - fantomas wrote:

>On 03.10.07 13:00, Srilatha wrote:
> > I am using SpamAssassin 3.2.1
> >
> > sa-learn utility is taking user name but it is not running as the given
> > user
> >
> > did anyone observe this issue ?
>
>do you execute it with root privileges? Otherwise it can't run under
>specified user (of course unless  you run it under the same user)
>--
>Matus UHLAR - fantomas, 
uhlar(at)fantomas.sk ; 
http://www.fantomas.sk/
>Warning: I wish NOT to receive e-mail advertising to this address.
>Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>Your mouse has moved. Windows NT will now restart for changes to take
>to take effect. [OK]



********************************************************************************

This email message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential, proprietary and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please immediately notify the sender by reply email and destroy all copies of the original message. Thank you.

Do you need help?
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related spamassassin.apache.org Links users Request more information about Pantek

Intoto Inc. Received on Wed Oct 3 12:55:38 2007

This message: [ Message body ]
Next message: Rajkumar S: "Re: Purpose for SpamAssassin using MySQL"
Previous message: bgodette(at)idcomm.com: "Re: Purpose for SpamAssassin using MySQL"
In reply to: Matus UHLAR - fantomas: "Re: unable to run sa-learn utility as non-root user"
Next in thread: Matt Kettler: "Re: unable to run sa-learn utility as non-root user"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 04:11:21 EDT