Okay, now for a more interesting one, and one that's less likely to be
fixed only through violence.

Summary:  inc fails to lock my mailbox.

Details:  NMH 1.0.4, configured for dot-locking.  It can't lock a mailbox.
Why?  Because
        setgid(return_gid);
fails.  Why?  EPERM.  The problem is that "setgid" on BSD/OS sets *all* of the
process's gids (real, effective and saved) to the specified value, so when we do
        setgid(getgid());
we lose the ability to switch back to the mail group later.

If I change all references to "setgid" to "setegid", the program works fine,
and I get all my mail.

The enclosed diffs appear to correct this problem for me.  I don't really
trust this; it's not vetted for security risks, or anything.  It saves
incoming mail under my uid, and it locks correctly as group mail.  I make
no other promises.

*** inc.c       Wed Feb 28 16:29:17 2001
--- inc.c.new   Thu May 31 16:20:48 2001
***************
*** 372,378 ****
  
  #ifdef MAILGROUP
      return_gid = getegid();  /* Save effective gid, assuming we'll use it */
!     setgid(getgid());        /* Turn off extraordinary privileges         */
  #endif        /* MAILGROUP */
  
  #ifdef POP
--- 372,378 ----
  
  #ifdef MAILGROUP
      return_gid = getegid();  /* Save effective gid, assuming we'll use it */
!     setegid(getgid());        /* Turn off extraordinary privileges         */
  #endif        /* MAILGROUP */
  
  #ifdef POP
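Review bot: The result of `setegid(getgid())` at line 375 is ignored, so if the call fails inc carries on with the mail group still effective and nothing reports it. The same applies to every other call this patch touches (lines 496, 504, 515, 777, 784, 847 and 853); the failure described in the report above was itself a silent `setgid(return_gid)` error that only surfaced as a lock failure. Check each call, for example `if (setegid(getgid()) == -1) adios (NULL, "unable to drop group privileges");`. The enclosing function starts and ends outside the hunk.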
***************
*** 493,499 ****
            }
  
  #ifdef MAILGROUP
!           setgid(return_gid); /* Reset gid to lock mail file */
  #endif /* MAILGROUP */
  
            /* lock and fopen the mail spool */
--- 493,499 ----
            }
  
  #ifdef MAILGROUP
!           setegid(return_gid);        /* Reset gid to lock mail file */
  #endif /* MAILGROUP */
  
            /* lock and fopen the mail spool */
***************
*** 501,507 ****
                adios (NULL, "unable to lock and fopen %s", newmail);
  
  #ifdef MAILGROUP
!           setgid(getgid());   /* Return us to normal privileges */
  #endif /* MAILGROUP */
            fstat (fileno(in), &s1);
        } else {
--- 501,507 ----
                adios (NULL, "unable to lock and fopen %s", newmail);
  
  #ifdef MAILGROUP
!           setegid(getgid());  /* Return us to normal privileges */
  #endif /* MAILGROUP */
            fstat (fileno(in), &s1);
        } else {
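Review bot: The lock-and-fopen of `newmail` runs with the mail group effective, in the window between `setegid(return_gid)` at line 496 (previous hunk) and `setegid(getgid())` at line 504 here. If `newmail` can be chosen by the user rather than always being the system maildrop (the `INC_FILE` branch later in the patch suggests a file mode, but the assignment is not visible in these hunks), that open is performed with group-mail rights. Confirm where `newmail` comes from and record it next to the call, e.g. `/* egid is the mail group only around lock+open of newmail, which must be the system maildrop */`. The enclosing block starts outside the hunk.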
***************
*** 512,518 ****
      }
  
  #ifdef MAILGROUP
!     setgid(getgid()); /* Return us to normal privileges */
  #endif /* MAILGROUP */
  
      if (audfile) {
--- 512,518 ----
      }
  
  #ifdef MAILGROUP
!     setegid(getgid());        /* Return us to normal privileges */
  #endif /* MAILGROUP */
  
      if (audfile) {
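Review bot: The comment `/* Return us to normal privileges */` at line 515 now overstates the drop. With `setegid` only the effective gid changes, and the saved set-group-ID presumably still holds the mail group, which is what lets the unlock paths at lines 777 and 847 raise it again. Say so in the comment, e.g. `/* Drop egid to the real gid; the mail group stays in the saved gid for the unlock below */`. Everything that runs between this point and the unlock can still regain the group, so it deserves the same scrutiny as the privileged window itself.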
***************
*** 774,787 ****
        if (locked) {
  #ifdef MAILGROUP
            /* Be sure we can unlock mail file */
!           setgid(return_gid);
  #endif /* MAILGROUP */
  
            lkfclose (in, newmail);
  
  #ifdef MAILGROUP
            /* And then return us to normal privileges */
!           setgid(getgid());
  #endif /* MAILGROUP */
        } else {
            fclose (in);
--- 774,787 ----
        if (locked) {
  #ifdef MAILGROUP
            /* Be sure we can unlock mail file */
!           setegid(return_gid);
  #endif /* MAILGROUP */
  
            lkfclose (in, newmail);
  
  #ifdef MAILGROUP
            /* And then return us to normal privileges */
!           setegid(getgid());
  #endif /* MAILGROUP */
        } else {
            fclose (in);
***************
*** 844,856 ****
      if (inc_type == INC_FILE) {
        if (locked) {
  #ifdef MAILGROUP
!           setgid(return_gid); /* Be sure we can unlock mail file */
  #endif /* MAILGROUP */
  
            lkfclose (in, newmail);
  
  #ifdef MAILGROUP
!           setgid(getgid());   /* And then return us to normal privileges */
  #endif /* MAILGROUP */
        } else {
            fclose (in);
--- 844,856 ----
      if (inc_type == INC_FILE) {
        if (locked) {
  #ifdef MAILGROUP
!           setegid(return_gid);        /* Be sure we can unlock mail file */
  #endif /* MAILGROUP */
  
            lkfclose (in, newmail);
  
  #ifdef MAILGROUP
!           setegid(getgid());  /* And then return us to normal privileges */
  #endif /* MAILGROUP */
        } else {
            fclose (in);
