
en - Re: [sympa-users] Re: Archiving fails after mhonarc upgrade (more info)

Subject: The mailing list for listmasters using Sympa

  • From: Olivier Salaun - CRU <address@concealed>
  • To: Glenn Gillis <address@concealed>
  • Cc: address@concealed
  • Subject: Re: [sympa-users] Re: Archiving fails after mhonarc upgrade (more info)
  • Date: Tue, 15 Apr 2003 10:47:49 +0200

Hi Glenn,

This change of behavior in MHonArc mainly has consequences for WWSympa (when building the HTML version of moderated messages) because the CGI is running SetUID.
We do NOT have the problem you report with archived.pl, though we use MHonArc 2.6.0 too. It might be because you are running Sympa on FreeBSD (we run it on Linux RH) and FreeBSD seems to have a strange behavior with setuid(). It looks like FreeBSD does not allow root processes to change all their UIDs (effective UID + real UID + saved UID).

Unfortunately we don't have any FreeBSD for testing purposes. Can you try this on your system:

  1. Determine all UIDs associated with your archived.pl process:

       % ps xf -eo pid,ppid,uid,euid,fuid,fsuid,svuid,suid,ruid,ucmd

  2. Try adding a POSIX setuid() around line 102 of archived.pl:

       &POSIX::setuid((getpwnam('--USER--'))[2]);

I think sympa-dev ML would be the best place to go on this thread...

Glenn Gillis wrote:
This exit code appears to represent mhonarc exiting with a refusal to run
setuid/setgid. As of 2.6.0 mhonarc won't run setuid/setgid. From the 2.6.0
release notes:

"Setuid/setgid execution causes mhonarc to terminate with an error.
Mhonarc does not pass taint checks, so we abort with an error that
setuid/setgid execution is not supported.  MHonArc is too insecure
for setuid operation and trying to make it setuid-safe would require
a lot of work and potentially limit a large amount of functionality."

Because archived.pl setuid/setgid's to "sympa" at startup, I guess this context
applies when archived.pl runs mhonarc. Commenting out the setuid/setgid lines
(102 & 103) in archived.pl and starting archived.pl directly by user "sympa"
seems to get around the problem.

The easiest way to start a service as a non-root user under FreeBSD seems to be
as an entry in the user's crontab with "@reboot" instead of the normal time
entries, which runs the command at system startup. I'm not sure about other
flavors of *nix. Is anyone else out there successfully running sympa with
mhonarc >= 2.6.0? How did you configure archived.pl to run? Does this seem like
a reasonable way to get this to work?

-- 
Olivier Salaun
Comite Reseau des Universites
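
The difference this thread turns on, changing only the effective UID versus changing the real, effective and saved UIDs, shown as an added example (not code from Sympa or MHonArc): a permanent privilege drop that verifies all three IDs and confirms root cannot be regained. It assumes a platform with setresuid()/getresuid() (Linux, FreeBSD); the uid/gid 1001 and the function names are hypothetical.

```python
import os

def looks_setid(ruid, euid, rgid, egid):
    """True when real and effective IDs differ: the condition under which
    Perl enables taint mode and treats the process as setuid/setgid."""
    return ruid != euid or rgid != egid

def drop_privileges(uid, gid):
    """Permanently become uid/gid: real, effective and saved IDs all change."""
    if os.geteuid() == 0:
        os.setgroups([gid])        # shed root's supplementary groups
    os.setresgid(gid, gid, gid)    # group first: it needs the privilege
    os.setresuid(uid, uid, uid)    # that is given up on this line
    ids = os.getresuid() + os.getresgid()
    if ids != (uid, uid, uid, gid, gid, gid):
        raise RuntimeError("incomplete privilege drop: %r" % (ids,))
    if uid != 0:
        # A complete drop is irreversible: regaining root must fail.
        try:
            os.setresuid(0, 0, 0)
        except PermissionError:
            pass
        else:
            raise RuntimeError("root could be regained after the drop")
    return ids

# Constructed (real uid, effective uid, real gid, effective gid) samples;
# 1001 is a hypothetical uid/gid for the "sympa" account.
SAMPLES = {
    "effective IDs changed only": (0, 1001, 0, 1001),
    "real, effective and saved changed": (1001, 1001, 1001, 1001),
}

if __name__ == "__main__":
    for name, ids in SAMPLES.items():
        print("%-36s setid detected: %s" % (name, looks_setid(*ids)))
    # Unprivileged, this re-applies the current IDs and verifies them.
    print(drop_privileges(os.getuid(), os.getgid()))
```

A daemon started as root that only assigns its effective IDs hands the first sample's state to every child it spawns; the second sample is what a child sees after a full drop.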


