On 2024/03/08 16:11:45 -0800, Andi Vajda <o...@ovaltofu.org> wrote:
>
> On Fri, 8 Mar 2024, Andi Vajda wrote:
>
> > With this configuration, the build succeeds on netbsd 10.0_rc5, but I get
> > the
> > same setuid failure as with 7.4.0p1 (but not with 7.3.0p2):
> >
Thanks to Gilles I had the chance to debug this on a NetBSD vm and
probably found the issue :)
> Looking at obvious differences in the 7.3.0p2, 7.4.0p1 and 7.5.0rc1 smtpd
> executables. From ldd's standpoint, the only additional thing in 7.4.0 and
> 7.5.0 is a reference to libtutil.so.7:
> [...]
This is interesting, but probably a red-herring.
> I also notice that the 7.3.0 smtpd executable is 3.5x smaller than the 7.4.0
> and the 7.5.0 ones. Stripping all three then yields smaller executables for
> 7.4.0 and 7.5.0:
>
> -rwxr-xr-x 1 vajda users 687160 Mar 8 16:08
> opensmtpd-7.3.0p2/local/sbin/smtpd
> -rwxr-xr-x 1 vajda users 548128 Mar 8 16:08
> opensmtpd-7.4.0p1/local/sbin/smtpd
> -rwxr-xr-x 1 vajda users 551816 Mar 8 16:09
> opensmtpd-7.5.0rc1/local/sbin/smtpd
This is interesting and it makes me happy to see that the work of
cleaning and polishing the compat layer has a noticeable effect in the
binary size!
Now, back to the problem, the issue is that on NetBSD seteuid() breaks
setuid() and that inbetween 7.3 and 7.4 I lost the check for the
setreuid() function. So, in openbsd-compat/resuid.c we end up calling
seteuid() and then setuid(), which fails due to the previous seteuid()
call. It's a bit confusing! :)
However, I believe this diff fixes smtpd on NetBSD, please let me know.
diff /home/op/w/opensmtpd
commit - 34723692d48c5bd4d54150e60fb3a1dcd7663e2b
path + /home/op/w/opensmtpd
blob - 948c865875938d34d9540267a15ee3de6464b1bc
file + configure.ac
--- configure.ac
+++ configure.ac
@@ -147,6 +147,7 @@ AC_CHECK_FUNCS([ \
getspnam \
malloc_conceal \
pledge \
+ setreuid \
setsid \
sigaction \
strnvis \
Thanks!
Omar Polo
