The mailing list for listmasters using Sympa

[Erik Olson <address@concealed>]

SWEET!  I confirm this works on my setup as well.  Hopefully the sympa 
devs will integrate this into the next release....

  - Erik

On Tue, 8 May 2012, Emmanuel Bouthenot wrote:

> Hi,
>
> On Tue, May 08, 2012 at 10:23:59AM -0600, Russ Kepler wrote:
> [...]
>
> > May  8 10:16:36 main wwsympa[3375]: info Auth::create_one_time_ticket()
> > Auth::create_one_time_ticket(address@concealed,main.kepler-
> > eng.com,choosepasswd,127.0.0.1) value = 44045423938531
> > May  8 10:16:36 main kernel: [396069.931950] wwsympa.fcgi[3375] general
> > protection ip:7f86b5250d31 sp:7fff4680d4d0 error:0 in
> > libperl.so.5.14.2[7f86b51ba000+173000]
> >
> > I'm running with perl 5.14.2 on the most recent kubuntu release.
> >
> > I just recently upgraded to 6.1.7, this appears to be a new problem.
>
> A bug report has been filed recently about this issue in the Debian
> bug tracker[1] and as part of the Debian Sympa Team I tried to
> understand what went wrong in this case in order to try to fix it.
>
> I've installed multiple version of Perl in parallel (5.12.4, 5.14.2 and
> 5.15.9) and try to reproduce the bug inside gdb. The gdb backtrace leads
> me to the discussion[2] started by Erik Olson on the Perl porters
> mailing list.
>
> This discussion was very interesting (Thanks to Erik for his work). It
> makes me understand that the 'tainted mode' was not the responsible but
> a parameter that made the crash happen.
>
> It makes me understand that the perl option '-U' should not be used in
> the cgi shebang of wwsympa.fcgi.
>
> The fix is pretty trivial if you want to test it:
> - You have to remove the -U from the shebang of wwsympa.fcgi
> - the C wrapper has to be modified to change the effective user/group
>   before executing the cgi script
>
>
> If the cgi script and the wrapper are located in /usr/lib/cgi-bin/sympa/
> (if its not the case, ajust it according to your installation)
>
> Create a file /tmp/wwsympa-wrapper.fcgi.c with the following content:
>
> --8<-----------------------------------
> #include <unistd.h>
>
> int main(int argn, char **argv, char **envp) {
>    setreuid(geteuid(),geteuid()); // Added to fix the segfault
>    setregid(getegid(),getegid()); // Added to fix the segfault
>    argv[0] = "/usr/lib/cgi-bin/sympa/wwsympa.fcgi";
>    execve("/usr/lib/cgi-bin/sympa/wwsympa.fcgi",argv,envp);
> }
> ----------------------------------->8--
>
> then
>
> # gcc -Wall /tmp/wwsympa-wrapper.fcgi.c -o 
> /usr/lib/cgi-bin/sympa/wwsympa-wrapper.fcgi
> # chown sympa:sympa /usr/lib/cgi-bin/sympa/wwsympa-wrapper.fcgi
> # chmod ug+s /usr/lib/cgi-bin/sympa/wwsympa-wrapper.fcgi
>
> Restart the webserver and it should work.
>
> As a bonus, this fix also fixes all the error messages like '*Insecure
> dependency in*' in the webserver error logs.
>
> This fix should also be applied to sympa_soap_server.fcgi and its
> wrapper (sympa_soap_server-wrapper.fcgi) if you're using this feature.
>
>
> Regards,
>
> M.
>
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655269
> [2] http://www.nntp.perl.org/group/perl.perl5.porters/2012/01/msg181404.html

--
Erik Olson