On Thu, 2009-06-04 at 15:15 -0400, Steeve McCauley wrote:
> On Thu, Jun 04, 2009 at 06:28:18PM +0200, Karsten Bräckelmann wrote:

> > > Today on a whim I decided to add -u <username> to the spamc 
> > > command line in my procmail filter and bayes started working.
> > 
> > > I discovered in the syslog the following difference before and
> > > after the change,
> > > 
> > > Thu Jun  4 07:40:03 2009 [29789] info: spamd: setuid to openpkg-r succeeded
> > > Thu Jun  4 08:15:02 2009 [29789] info: spamd: setuid to steeve succeeded
> > > 
> > > so it's now obvious that it was running as user openpkg-r, rather
> > > than my own user name, which is the user under which spamd is
> > 
> > I believe this is wrong. spamd appears to be running as root. Otherwise,
> > it would not have setuid'ed to the user in the first place.
> 
> spamd is running as root, but it does a setuid to openpkg-r
> when receiving from spamc, unless I use -u steeve.

Yep, spamd will setuid to the user it scans the mail for, as told by
spamc.

The -u option is just a way to override it. By default, spamc tells
spamd which user it (that is spamc) is running as. So I still believe
spamc at that point does not run as your user, for some reason.


> > > The mystery for me is why spamd was doing setuid to its own uid rather
> > > than my uid, unless I forced it with the -u switch.  I know that procmail
> > > is not running as user openpkg-r which just adds to the mystery.
> > 
> > My guess is, this assumption is wrong. :)  At least at the point in the
> > procmail recipe where spamc is being called, procmail appears to run as
> > the openpkg-r user.
> > 
> > spamc tells the user it is running as by default.
> > 
> > 
> > > Any ideas?
> > 
> > Just to verify, try adding something like this to your procmailrc, right
> > before the recipe that filters through spamc. Then check the log. (Note,
> > linebreak intended.)
> > 
> > LOG = "Hello, I am ${LOGNAME}.
> > "
> 
> Procmail is running as "steeve",
> 
> Hello, I am steeve.

Weird. :)  Honestly, I quickly pulled LOGNAME out of the man page. I'm
not entirely sure this really reflects the UID. I guess I'd alter that
debugging log line, to dump some other information, to track this down.

BTW, is this a site-wide procmailrc or a user one? Did you DROPPRIVS
before that, in case of site-wide?


> >From medicalhairrestoration...@hairproonline.com  Thu Jun  4 14:05:08 2009
>  Subject: [SPAM 4.6] RE: Hair news : Free DVD 
>   Folder: /var/mail/steeve                                               
> 341674
> 
> It would have been incredibly perplexing if procmail were running
> as an openpkg user since it's not an openpkg package.

But spamc is. Not that that really should matter, but there's a link.
Any chance it's a setuid executable?

Can you try to have a glimpse at the user spamc is running as, as called
by procmail? That requires some fairly good timing. :)  Or faking a
spamd by using 'nc' and checking the User header...


> Something is weird here between spamc and spamd.
> 
> Thanks for the reply,

  guenther


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
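
The "fake spamd" check suggested in the message above, as an added example that is not part of the original thread: a stand-in listener that accepts one spamc connection and reports the User header spamc sent, which is the name spamd would setuid to. The port 7830, the function names and the sample request are assumptions made for this illustration.

```python
import socket

def parse_spamc_request(raw: bytes) -> dict:
    """Parse the request line and headers of a spamc request (up to the blank line)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split()
    if len(parts) != 2 or not parts[1].startswith("SPAMC/"):
        raise ValueError("not a spamc request line: %r" % lines[0])
    req = {"command": parts[0], "version": parts[1].split("/", 1)[1], "headers": {}}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # header names are compared case-insensitively
            req["headers"][name.strip().lower()] = value.strip()
    return req

def claimed_user(raw: bytes):
    """User name spamc asked spamd to scan for; None if no User header was sent."""
    return parse_spamc_request(raw)["headers"].get("user")

def listen_once(host="127.0.0.1", port=7830):
    """Accept one connection, read up to the end of the headers, return the parsed request."""
    with socket.create_server((host, port)) as srv:
        conn, _ = srv.accept()
        with conn:
            buf = b""
            while b"\r\n\r\n" not in buf:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                buf += chunk
    return parse_spamc_request(buf)

# Constructed sample of a spamc request; not captured from the system in this thread.
SAMPLE = (b"PROCESS SPAMC/1.5\r\nUser: openpkg-r\r\nContent-length: 24\r\n\r\n"
          b"Subject: test\r\n\r\nhello\r\n")

if __name__ == "__main__":
    req = listen_once()
    print("command:", req["command"], "protocol:", req["version"])
    print("spamc sent User:", req["headers"].get("user"))
```

Run it, then point spamc at it with -d 127.0.0.1 -p 7830 from the same procmail recipe, without -u. The printed User value is what spamc determined on its own.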
