Re: unable to run sa-learn utility as non-root user

Wed, 03 Oct 2007 09:54:49 -0700 

Hi,
Even though we run the utility as root, we can specify any user name with option '-u'. 


Even though we specify a valid user name, it is not running in the 
given user context.



When i did code walk through of sa-learn code, it is observed that 
there is no code in sa-learn utility to set user id of sa-learn 
process to the given user's



When i copied the following code from spamd and added to sa-learn, it 
is working fine


 # support non-root use
  if ( $opt{'username'} ) {
      my ( $uuid, $ugid ) = ( getpwnam( $opt{'username'} ) )[ 2, 3 ];
      if ( !defined $uuid || $uuid == 0 ) {
        die "spamd: cannot run as nonexistent user\n";
      }
      # Change GID
      $) = "$ugid $ugid";    # effective gid
      $( = $ugid;            # real gid

      # Change UID
      $> = $uuid;            # effective uid
      $< = $uuid;            # real uid. we now cannot setuid anymore

      # bug 3900: BSD perl bug. see comment in setuid_to_euid() in
      # Mail::SA::Util on the same issue.
      if ($< != $uuid) {

        dbg("spamd: initial attempt to change real uid failed, 
trying BSD workaround");


        $> = $<;              # revert euid to ruid
        $< = $uuid;           # change ruid to target
        $> = $uuid;           # change euid back to target
      }

      if ( $> != $uuid and $> != ( $uuid - 2**32 ) ) {
        die "spamd: setuid to uid $uuid failed\n";
      }
    }


regards,
Srilatha

At 05:46 PM 10/3/2007, Matus UHLAR - fantomas wrote:

On 03.10.07 13:00, Srilatha wrote:
> I am using SpamAssassin 3.2.1
>
> sa-learn utility is taking user name but it is not running as the given
> user
>
> did anyone observe this issue ?

do you execute it with root privileges? Otherwise it can't run under
specified user (of course unless  you run it under the same user)
--
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart for changes to take
to take effect. [OK]




********************************************************************************

This email message (including any attachments) is for the sole use of the intended recipient(s) 
and may contain confidential, proprietary and privileged information. Any unauthorized review, 
use, disclosure or distribution is prohibited. If you are not the intended recipient, 
please immediately notify the sender by reply email and destroy all copies of the original message. 
Thank you.



Intoto Inc. 






















					Reply via email to