Bug#365892: dcc-client: dccproc can't open /var/lib/dcc/map

Wed, 03 May 2006 08:23:33 -0700 

Package: dcc-client
Version: 1.2.74-2
Severity: normal


dccproc, called from spamassassin, does not seem to be able to open the
/var/lib/dcc/map file, even though dccproc is suid root. Here is a
strace ...

   % strace -f spamassassin -t < /tmp/spamex5 | & grep -i dcc 

   read(8, ärm/) {\n      dbg (\"DCCifd check"..., 4096) = 4096
   read(8, "{body} of $self->{conf}->{dcc_bo"..., 4096) = 4096
   stat("/usr/local/bin/dccproc", 0x503140) = -1 ENOENT (No such file or 
directory)
   stat("/bin/dccproc", 0x503140)          = -1 ENOENT (No such file or 
directory)
   stat("/usr/bin/dccproc", {st_mode=S_IFREG|S_ISUID|0755, st_size=530728, 
...}) = 0
   stat("/usr/bin/dccproc", {st_mode=S_IFREG|S_ISUID|0755, st_size=530728, 
...}) = 0
   stat("/usr/bin/dccproc", {st_mode=S_IFREG|S_ISUID|0755, st_size=530728, 
...}) = 0
   [pid 24999] execve("/usr/bin/dccproc", ["/usr/bin/dccproc", "-H", "-R"], [/* 
54 vars */]) = 0
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   [pid 24999] chdir("/var/lib/dcc")       = 0
   [pid 24999] open("/var/lib/dcc/map", O_RDWR) = -1 EACCES (Permission denied)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   [pid 24999] write(2, "open(/var/lib/dcc/map): Permissi"..., 41 <unfinished 
...>
   [pid 24969] <... read resumed> "open(/var/lib/dcc/map): Permissi"..., 4096) 
= 41
   [pid 24999] sendto(3, "<19>May  3 12:24:51 dccproc[2499"..., 77, 0, NULL, 0) 
= 77

You can see that process 24999 turns itself into dccproc and then fails
to access the map file. Here are the relevant permissions:

   -rwsr-xr-x  1 root root 530728 Apr  6  2005 /usr/bin/dccproc
   drwxr-xr-x  2 dcc dcc 1024 May  2 15:07 /var/lib/dcc
   -rw-rw----  1 dcc dcc 4792 May  2 15:07 /var/lib/dcc/map

I would guess that execve in this libc loses suid perms? Or maybe a
second exec does. A soultion might be to add myself to the dcc group
(I alreadty made the map writable by dcc) .... yes, confirmed:

     [pid 25771] chdir("/var/lib/dcc")       = 0
     [pid 25771] open("/var/lib/dcc/map", O_RDWR) = 3
     [pid 25771] write(2, "/var/lib/dcc/map is not private", 31 <unfinished ...>
     [pid 25748] <... read resumed> "/var/lib/dcc/map is not private", 4096) = 
31

however, that leads to a second complaint! Well, its test is wrong
anyway. It shouldn't be testing for access by non-owner, but access by
non-group.


-- System Information:
Debian Release: 3.1
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.15.5
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)

Versions of packages dcc-client depends on:
ii  dcc-common                  1.2.74-2     Distributed Checksum Clearinghouse
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an

-- no debconf information

Peter

Reply via email to