Hi,
Philippe Meunier wrote on Fri, Oct 21, 2016 at 12:35:46PM -0400:
> When cron runs /etc/daily, that script runs df and netstat and the
> output is sent by email to root. On my system, emails to root are
> forwarded to local user meunier using /root/.forward. The forwarding
> itself temporarily creates a lock file in /var/mail:
>
> -rw------- 1 root wheel 0 Oct 21 23:55 meunier.lock
>
> At the same time, /etc/daily runs /usr/libexec/security. The
> check_mailboxes function in that file loops over all the files in
> /var/mail and checks whether the owner of the file matches the name of
> the file. If check_mailboxes happens to be running exactly at the
> same time as the system is forwarding /etc/daily's first email, then
> check_mailboxes sees meunier.lock, the check for that file fails, and
> the result is another email sent to root:
>
> Running security(8):
>
> Checking mailbox ownership.
> user meunier.lock mailbox is owned by root
>
> So I think the check_mailboxes function in /usr/libexec/security
> should either skip lock files or check them in a different way...
I don't think checking ownership of lock files helps anything,
so i'd indeed suggest to simply skip them.
OK for the patch below?
Ingo
Index: security
===================================================================
RCS file: /cvs/src/libexec/security/security,v
retrieving revision 1.36
diff -u -p -r1.36 security
--- security 21 Jul 2015 19:07:13 -0000 1.36
+++ security 22 Oct 2016 06:25:15 -0000
@@ -455,6 +455,7 @@ sub check_mailboxes {
nag !(opendir my $dh, $dir), "opendir: $dir: $!" and return;
foreach my $name (readdir $dh) {
next if $name =~ /^\.\.?$/;
+ next if $name =~ /.\.lock$/;
my ($mode, $fuid, $fgid) = (stat "$dir/$name")[2,4,5];
unless (defined $mode) {
nag !$!{ENOENT}, "stat: $dir/$name: $!";
