login
Login / Register
Header Space

 
 

Home » Mailing list archives » linux-kernel » 2008 » March » 19

Re: [2.6.25-rc5-mm1] regression: cannot run Postfix sendmail command as non-root

Score:
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Benjamin Thery <ben.thery@...>
To: Tilman Schmidt <tilman@...>
Cc: Andrew Morton <akpm@...>, <linux-kernel@...>, <netdev@...>, David Miller <davem@...>, <pekkas@...>, <yoshfuji@...>, Daniel Lezcano <dlezcano@...>, Pavel Emelyanov <xemul@...>
Subject: Re: [2.6.25-rc5-mm1] regression: cannot run Postfix sendmail command as non-root
Date: Wednesday, March 19, 2008 - 1:52 pm

Tilman,

I've finally managed to reproduce your problem with Postfix on one of
my victims.

Earlier, in the afternoon, I wrote a piece of code that triggered a
similar behaviour,
but I wasn't sure it was exactly the problem you found. So, I've
rebuilt Postfix, added
some traces and, voila, same issue as yours.
(The version of Postfix originally  installed on my machine seems to
have IPv6 disabled)

I bisected the problem to the commit "[NET]: Make /proc/net a symlink
on /proc/self/net (v3)"

Here is what happens:

- Recently /proc/net has been moved to /proc/self/net, and
/proc/self/net is a symlink
  on this directory.
- Before that everybody could access /proc/net and read /proc/net/if_inet6:
   dr-xr-xr-x   6 root      root              0 2008-03-05 15:23 /proc/net

- Now, /proc/self/net has a more restrictive access mode and ony the
owner of the
  process can enter the directory:
  dr-xr--r-- 5 toto toto 0 Mar 19 17:30 net

  This is not a problem in most of the cases, but it becomes annoying
when a process
  decides to change its UID or GID. It may loose access to its own
/proc/self/net entries.

- What happens in the Postfix case is the 'sendmail' process executes the
   '/usr/sbin/postdrop' binary to enqueue the message, but unfortunately
   '/usr/bin/postdrop' has the setgid bit set:
   -rwxr-sr-x 1 root postdrop 479475 Mar 19 17:14 /usr/sbin/postdrop

   The process egid changes and this seems to be problematic to access
   /proc/self/net/if_inet6. :)

I've attached a tiny test program that can be used to reproduce the problem
without Postfix.
- Either execute it as root and give it an unprivileged uid in argument
  ./test-proc_net_if_inet6 1001

- Or change its ownership and access mode to: -rwxr-sr-x root postdrop
  and execute it as a lambda user.
   chown root:postdrop test-proc_net_if_inet6; chmod 2755 test-proc_net_if_=
inet6
   ./test-proc_net_if_inet6

I've found the cause but not the fix. :)
(Adding Pavel in cc:)

Regards,
Benjamin


On Thu, Mar 13, 2008 at 8:48 PM, Tilman Schmidt <tilman@imap.cc> wrote:
c5/2.6.25-rc5-mm1/
er-v3
kipping IPv6 configuration
 ::1
ess
5.255.0
:Verbindung
T 2008 i686 i686 i386 GNU/Linux
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
2.6.25-rc5-mm1, Andrew Morton, (Tue Mar 11, 4:14 am)
Re: 2.6.25-rc5-mm1 sparc64 boot problems due to generic pci_..., Mariusz Kozlowski, (Fri Mar 28, 6:52 pm)
Re: 2.6.25-rc5-mm1 sparc64 boot problems due to generic pci_..., David Miller, (Fri Mar 28, 7:10 pm)
Re: 2.6.25-rc5-mm1 sparc64 boot problems due to generic pci_..., Benjamin Herrenschmidt, (Fri Mar 28, 8:44 pm)
Re: 2.6.25-rc5-mm1 build failure of pcsp.c, Mariusz Kozlowski, (Sun Mar 16, 5:38 pm)
Re: 2.6.25-rc5-mm1: "consolechars" hangs on boot, Laurent Riffard, (Thu Mar 13, 6:07 pm)
Re: 2.6.25-rc5-mm1: "consolechars" hangs on boot, Andrew Morton, (Thu Mar 13, 6:38 pm)
Re: 2.6.25-rc5-mm1: "consolechars" hangs on boot, Oleg Nesterov, (Fri Mar 14, 1:26 am)
Re: 2.6.25-rc5-mm1: "consolechars" hangs on boot, Laurent Riffard, (Fri Mar 14, 5:06 pm)
Re: 2.6.25-rc5-mm1: "consolechars" hangs on boot, Oleg Nesterov, (Sat Mar 15, 8:03 am)
[2.6.25-rc5-mm1] regression: cannot run Postfix sendmail com..., Tilman Schmidt, (Thu Mar 13, 3:48 pm)
Re: [2.6.25-rc5-mm1] regression: cannot run Postfix sendmail..., Benjamin Thery, (Wed Mar 19, 1:52 pm)
Re: [2.6.25-rc5-mm1] regression: cannot run Postfix sendmail..., Andrew Morton, (Wed Mar 19, 5:16 pm)
Re: [2.6.25-rc5-mm1] regression: cannot run Postfix sendmail..., Tilman Schmidt, (Wed Mar 19, 7:31 pm)
Re: [2.6.25-rc5-mm1] regression: cannot run Postfix sendmail..., David Miller, (Wed Mar 19, 6:49 pm)
Re: [2.6.25-rc5-mm1] regression: cannot run Postfix sendmail..., Benjamin Thery, (Thu Mar 20, 4:26 am)
Re: [2.6.25-rc5-mm1] regression: cannot run Postfix sendmail..., Rafael J. Wysocki, (Thu Mar 20, 6:21 am)
Re: [2.6.25-rc5-mm1] regression: cannot run Postfix sendmail..., Pavel Emelyanov, (Thu Mar 20, 8:52 am)
Re: [2.6.25-rc5-mm1] regression: cannot run Postfix sendmail..., Benjamin Thery, (Thu Mar 20, 9:48 am)
Re: [2.6.25-rc5-mm1] regression: cannot run Postfix sendmail..., Rafael J. Wysocki, (Thu Mar 20, 10:38 am)
Re: [2.6.25-rc5-mm1] regression: cannot run Postfix sendmail..., Benjamin Thery, (Wed Mar 19, 6:14 pm)
Re: [2.6.25-rc5-mm1] regression: cannot run Postfix sendmail..., Daniel Lezcano, (Thu Mar 13, 6:21 pm)
Re: [2.6.25-rc5-mm1] regression: cannot run Postfix sendmail..., Tilman Schmidt, (Thu Mar 13, 8:08 pm)
Re: [2.6.25-rc5-mm1] regression: cannot run Postfix sendmail..., Daniel Lezcano, (Mon Mar 17, 6:44 am)
Re: [2.6.25-rc5-mm1] regression: cannot run Postfix sendmail..., Tilman Schmidt, (Mon Mar 17, 9:06 am)
Re: [2.6.25-rc5-mm1] regression: cannot run Postfix sendmail..., Daniel Lezcano, (Mon Mar 17, 9:17 am)
Re: [2.6.25-rc5-mm1] regression: cannot run Postfix sendmail..., Benjamin Thery, (Mon Mar 17, 8:50 am)
Re: [2.6.25-rc5-mm1] regression: cannot run Postfix sendmail..., Tilman Schmidt, (Mon Mar 17, 9:35 am)
Re: 2.6.25-rc5-mm1 shutdown crash, Helge Hafting, (Thu Mar 13, 10:03 am)
Re: 2.6.25-rc5-mm1 shutdown crash, Andrew Morton, (Thu Mar 13, 12:12 pm)
Re: 2.6.25-rc5-mm1 shutdown crash, Helge Hafting, (Tue Mar 25, 8:23 am)
[2.6.25-rc5-mm1] WARNING: at drivers/base/sys.c:173, Tilman Schmidt, (Wed Mar 12, 8:15 pm)
Re: [2.6.25-rc5-mm1] WARNING: at drivers/base/sys.c:173, Dave Jones, (Thu Mar 13, 3:56 pm)
Re: [2.6.25-rc5-mm1] WARNING: at drivers/base/sys.c:173, Tilman Schmidt, (Thu Mar 13, 8:01 pm)
Re: [2.6.25-rc5-mm1] WARNING: at drivers/base/sys.c:173, Zhao Yakui, (Thu Mar 13, 8:57 pm)
Re: [2.6.25-rc5-mm1] WARNING: at drivers/base/sys.c:173, Tilman Schmidt, (Sat Mar 15, 8:16 am)
Re: [2.6.25-rc5-mm1] WARNING: at drivers/base/sys.c:173, Tilman Schmidt, (Fri Mar 14, 5:58 am)
Re: [2.6.25-rc5-mm1] WARNING: at drivers/base/sys.c:173, Dave Jones, (Thu Mar 13, 8:44 pm)
Re: [2.6.25-rc5-mm1] WARNING: at drivers/base/sys.c:173, Greg KH, (Thu Mar 13, 4:27 pm)
Re: [2.6.25-rc5-mm1] WARNING: at drivers/base/sys.c:173, Greg KH, (Thu Mar 13, 2:34 pm)
Re: [2.6.25-rc5-mm1] WARNING: at drivers/base/sys.c:173, Dave Jones, (Thu Mar 13, 3:57 pm)
[2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Tilman Schmidt, (Wed Mar 12, 7:54 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Dave Hansen, (Thu Mar 13, 4:46 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Tilman Schmidt, (Thu Mar 13, 8:35 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Dave Hansen, (Fri Mar 14, 2:03 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Dave Hansen, (Fri Mar 14, 4:06 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Eric Piel, (Fri Mar 14, 4:51 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Dave Hansen, (Fri Mar 14, 5:35 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Eric Piel, (Fri Mar 14, 6:50 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Len Brown, (Mon Mar 17, 1:48 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Dave Hansen, (Fri Mar 14, 7:29 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Tilman Schmidt, (Sat Mar 15, 8:47 am)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Dave Hansen, (Sun Mar 16, 4:11 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Peter Zijlstra, (Mon Mar 17, 8:23 am)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Tilman Schmidt, (Wed Mar 19, 7:50 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Linus Torvalds, (Sat Mar 15, 3:21 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Éric Piel, (Sat Mar 15, 3:42 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Len Brown, (Mon Mar 17, 2:05 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Linus Torvalds, (Sat Mar 15, 4:19 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Pavel Machek, (Fri Mar 21, 9:17 am)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Dave Hansen, (Sun Mar 23, 12:00 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Helge Hafting, (Thu Mar 27, 5:23 am)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Pavel Machek, (Mon Mar 24, 12:03 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Eric Piel, (Mon Mar 24, 1:05 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Dave Hansen, (Mon Mar 24, 1:23 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Pavel Machek, (Mon Mar 24, 1:19 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Len Brown, (Mon Mar 17, 1:59 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Éric Piel, (Sat Mar 15, 8:15 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Len Brown, (Mon Mar 17, 1:27 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Linus Torvalds, (Fri Mar 14, 4:20 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Andrew Morton, (Wed Mar 12, 8:04 pm)
Re: [2.6.25-rc5-mm1] BUG: spinlock bad magic early during boot, Dave Hansen, (Thu Mar 13, 5:48 pm)
Re: 2.6.25-rc5-mm1 - x86_64 boot problem ?, Badari Pulavarty, (Wed Mar 12, 2:10 pm)
Re: 2.6.25-rc5-mm1 - x86_64 boot problem ?, Andrew Morton, (Wed Mar 12, 2:15 pm)
Re: 2.6.25-rc5-mm1 - x86_64 boot problem with git-sched.patch, Badari Pulavarty, (Thu Mar 13, 1:09 pm)
Re: 2.6.25-rc5-mm1 - x86_64 boot problem with git-sched.patch, Badari Pulavarty, (Thu Mar 13, 1:40 pm)
Re: 2.6.25-rc5-mm1 - x86_64 boot problem with git-sched.patch, Guillaume Chazarain, (Thu Mar 13, 1:55 pm)
Re: 2.6.25-rc5-mm1 - x86_64 boot problem with git-sched.patch, Badari Pulavarty, (Thu Mar 13, 2:20 pm)
[BUG] 2.6.25-rc5-mm1 kernel panic with "Exception: 501 " on ..., Kamalesh Babulal, (Wed Mar 12, 8:55 am)
Re: [BUG] 2.6.25-rc5-mm1 kernel panic with "Exception: 501 "..., Badari Pulavarty, (Wed Mar 12, 2:14 pm)
Re: [BUG] 2.6.25-rc5-mm1 kernel panic with "Exception: 501 "..., Andrew Morton, (Wed Mar 12, 1:46 pm)
Re: [BUG] 2.6.25-rc5-mm1 kernel panic with "Exception: 501 "..., Benjamin Herrenschmidt, (Wed Mar 12, 4:40 pm)
Re: [BUG] 2.6.25-rc5-mm1 kernel panic with "Exception: 501 "..., Matthew Wilcox, (Wed Mar 12, 1:51 pm)
Re: [BUG] 2.6.25-rc5-mm1 kernel panic with "Exception: 501 "..., Michael Ellerman, (Wed Mar 12, 6:26 pm)
Re: [BUG] 2.6.25-rc5-mm1 kernel panic with "Exception: 501 "..., Matthew Wilcox, (Wed Mar 12, 6:33 pm)
Re: [BUG] 2.6.25-rc5-mm1 kernel panic with "Exception: 501 "..., Kamalesh Babulal, (Thu Mar 13, 9:02 am)
[BUILD_FAILURE] 2.6.25-rc5-mm1 build fails at startup_ipi_ho..., Kamalesh Babulal, (Wed Mar 12, 5:17 am)
Re: 2.6.25-rc5-mm1: NO_HZ=Y &amp;&amp; PREEMPT_RCU=Y fails to build, Laurent Riffard, (Wed Mar 12, 3:21 am)
Re: 2.6.25-rc5-mm1: NO_HZ=Y &amp;&amp; PREEMPT_RCU=Y fails to build, Tilman Schmidt, (Wed Mar 12, 7:43 pm)
Re: 2.6.25-rc5-mm1: NO_HZ=Y &amp;&amp; PREEMPT_RCU=Y fails to build, Andrew Morton, (Wed Mar 12, 3:44 am)
Re: 2.6.25-rc5-mm1: NO_HZ=Y &amp;&amp; PREEMPT_RCU=Y fails to build, Laurent Riffard, (Wed Mar 12, 5:32 pm)
Re: 2.6.25-rc5-mm1, Dave Young, (Tue Mar 11, 9:14 pm)
Re: 2.6.25-rc5-mm1, , (Tue Mar 11, 4:23 pm)
Re: 2.6.25-rc5-mm1, Andrew Morton, (Tue Mar 11, 4:39 pm)
Re: 2.6.25-rc5-mm1, Torsten Kaiser, (Wed Mar 12, 3:33 pm)
Re: 2.6.25-rc5-mm1, Andrew Morton, (Wed Mar 12, 3:44 pm)
Re: 2.6.25-rc5-mm1, Torsten Kaiser, (Wed Mar 12, 4:01 pm)
Re: 2.6.25-rc5-mm1, Torsten Kaiser, (Thu Mar 13, 6:05 pm)
Re: 2.6.25-rc5-mm1, Andrew Morton, (Thu Mar 13, 6:35 pm)
Re: 2.6.25-rc5-mm1, Badari Pulavarty, (Thu Mar 13, 7:10 pm)
Re: 2.6.25-rc5-mm1, Ingo Molnar, (Fri Mar 21, 8:12 am)
Re: 2.6.25-rc5-mm1 (paravirt/vsmp/no PCI), Randy Dunlap, (Tue Mar 11, 1:09 pm)
Re: 2.6.25-rc5-mm1 (paravirt/vsmp/no PCI), Jeremy Fitzhardinge, (Tue Mar 11, 2:18 pm)
Re: 2.6.25-rc5-mm1 (paravirt/vsmp/no PCI), Ravikiran G Thirumalai, (Tue Mar 11, 8:10 pm)
Re: 2.6.25-rc5-mm1 (paravirt/vsmp/no PCI), Ingo Molnar, (Wed Mar 12, 3:14 am)
Re: 2.6.25-rc5-mm1 (paravirt/vsmp/no PCI), Jeremy Fitzhardinge, (Tue Mar 11, 9:51 pm)
Re: 2.6.25-rc5-mm1 (paravirt/vsmp/no PCI), Randy Dunlap, (Tue Mar 11, 9:42 pm)
[Build Failure] 2.6.25-rc5-mm1 Build fails with allmodconfig..., Kamalesh Babulal, (Tue Mar 11, 8:55 am)
Re: [Build Failure] 2.6.25-rc5-mm1 Build fails with allmodco..., Andrew Morton, (Tue Mar 11, 2:19 pm)
Re: [Build Failure] 2.6.25-rc5-mm1 Build fails with allmodco..., Bartlomiej Zolnierkiewicz..., (Tue Mar 11, 3:36 pm)
Re: [Build Failure] 2.6.25-rc5-mm1 Build fails with allmodco..., Andrew Morton, (Tue Mar 11, 1:41 pm)
Re: [Build Failure] 2.6.25-rc5-mm1 Build fails with allmodco..., Bartlomiej Zolnierkiewicz..., (Tue Mar 11, 3:35 pm)
[Build Faliure] 2.6.25-rc5-mm1 build fails , Kamalesh Babulal, (Tue Mar 11, 6:16 am)
Re: [Build Faliure] 2.6.25-rc5-mm1 build fails, Edward Shishkin, (Tue Mar 11, 6:56 am)
Navigation

Mail archive search
Enter your search terms.
Optionally limit your search to a specific mailing list.
advanced
Popular discussions
linux-kernel:
Arjan van de Ven[patch] Add basic sanity checks to the syscall execution patch
debian developerRe: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
monstrMicroblaze init port
Linus TorvaldsRe: Back to the future.
git:
Petr BaudisRe: Cleaning up git user-interface warts
Jan Engelhardtabout c8af1de9 (git status uses pager)
Jakub NarebskiRe: VCS comparison table
Linus TorvaldsRe: kernel.org mirroring (Re: [GIT PULL] MMC update)
openbsd-misc:
Richard StallmanReal men don't attack straw men
Marco PeereboomRe: Real men don't attack straw men
David Newmansetting dscp or tos bits
Khalid SchofieldConfiguring sendmail openbsd 4.2
linux-netdev:
Christoph HellwigRe: [PATCH RFC] [1/9] Core module symbol namespaces code and intro.
Josip Rodinbnx2_poll panicking kernel
Johannes Berg[RFC v2] mac80211: assign needed_headroom/tailroom for netdevs
Francois RomieuRe: NAPI, rx_no_buffer_count, e1000, r8169 and other actors
Latest forum posts
trouble with my Asus Mainboard3 hours agoLinux kernel
How to exec user process in kernel mode.2 days agoLinux kernel
[IPSEC]IPSEC_MANUAL_REQID_MAX3 days agoLinux kernel
help in UDP catching module..3 days agoLinux kernel
Is there anything like Real-time drivers?5 days agoLinux general
ns16550 serail console in Linux 2.6.195 days agoLinux general
what class should i use to register my devices5 days agoLinux kernel
reset bios pasword toshiba6 days agoHardware
Analysis of Process Scheduling1 week agoLinux kernel
RT Kernel and SSH Server Panics1 week agoLinux kernel
Show all forums...
Recent Tags
-rc4 Linus Torvalds -rc5 quote Tux3 filesystem -rc 2.6.27 H. Peter Anvin Daniel Phillips Andrew Morton 2.6.27-rc5 Linux
more tags
Colocation donated by:
Who's online
There are currently 4 users and 1355 guests online.

Online users

Syndicate
Syndicate content
© 2007 KernelTrap.  |  Powered by Drupal.  |  Legal statement.
speck-geostationary