I just spent a lot of time tracking down a weird problem with Majordomo. I
thought I should share.
>From the FAQ, section 2.1
Do not install the wrapper on a ... filesystem mounted with the "nosuid"
option set. This will prevent the wrapper from working.
Well, yes and no. Depending on the uid wrapper is run under, and the
permissions on the directories, and the version of sendmail, wrapper might
run happily along without ever needing suid privileges.
Or, Depending on the uid and the version of sendmail, it may instead cause
sendmail to refuse, leading the poor listmaster on a wild goose chase trying
to figure out Why majordomo has stopped working when it _used to_ work just
fine thank you.
The wrapper doesn't bother to check its errors.
When we rebooted after a power failure on July 4th, our lists all stopped
working. We found one or two small problems, (including a huge mail queue)
but nothing solved the biggest problem - mail to majordomo@host worked; mail
to the lists failed.
We were getting various known (but unfortunate) errors from Good Ol'
Blameless Sendmail : lists was group writable, lists was _not_ writable, lock
file couldn't be written... all addressed by FAQ # 4.12 but not
cross-referenced back to anything (and, of course, majordomo had _stopped_
working; it used to work).
./wrapper config-test said everything was fine; either config-test liked the
permissions or sendmail liked them but neither was willing to be happy at the
same time.
After a lot of effort we found the problem:
our list dirs weren't group writable (owner: majordomo group: daeomn)
wrapper was running as daemon.daemon (not majordomo.daemon)
...
a bug in wrapper.c and a bug in config-test, were now being exercised
by a recent change to our mount points - we're now mounting all but
the system disk "nosuid".
The change to mount the file systems was made several weeks before the reboot
and forgotten.
So... wrapper didn't have the ID we thought it had, sendmail was running
wrapper as ID daemon, group daemon; group couldn't write the directories;
user was all wrong; and neither wrapper nor config-test were reporting the
problem (even though config-test was Looking At The Problem!
The bugs:
1) wrapper.c does not check the return code from the setuid() or setgid()
calls; so wrapper was NOT running as majordomo.daemon but it
never complained (the FAQ is correct but some conventional C programming
wisdom should be put to use - check the return codes!)
2) config-test does "uid/gid" checks... but only compares effective to
real;
it doesn't compare either to what is set in W_USER and W_GROUP (or
WRAPPER_OWNER and WRAPPER_Group) so config-test was happily reporting
Nothing bad found!
This is a heads-up. Note that bug #1 can be patched locally by a reasonbly
competent C programmer. Bug #2 takes a little more effort but should not be
that difficult either.
Both bugs have been reported to Majordomo-Workers.
The FAQ contains the crucial information... iff one reads the entire FAQ (or
at least all of section 2.1) and understands the clues. Unfortunately, the
symptoms are documented in sec. 4.12 and no cross-references are made between
the sections. And, of course, Majordomo had been "working correctly" for two
years... until it simply stopped working at all.
Hindsight is 20:20
- Vicki
--
--
Vicki Brown ZZZ Journeyman Sourceror:
P.O. Box 1269 zz |\ _,,,---,,_ Scripts & Philtres
San Bruno, CA zz /,`.-'`' -. ;-;;,_
94066 USA |,4- ) )-,_. ,\ ( `'-'
mailto:vlb@cfcl.com '---''(_/--' `-'\_) http://www.cfcl.com/~vlb
|
|
