From henrich@crh.cl.msu.edu  Sat Mar 30 10:06:31 1996
Received: from crh.cl.msu.edu (crh.cl.msu.edu [35.8.1.24])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id KAA22163
          for <FreeBSD-gnats-submit@freebsd.org>; Sat, 30 Mar 1996 10:06:30 -0800 (PST)
Received: (from henrich@localhost) by crh.cl.msu.edu (8.6.12/8.6.12) id NAA00616; Sat, 30 Mar 1996 13:06:22 -0500
Message-Id: <199603301806.NAA00616@crh.cl.msu.edu>
Date: Sat, 30 Mar 1996 13:06:22 -0500
From: henrich@crh.cl.msu.edu
Reply-To: henrich@crh.cl.msu.edu
To: FreeBSD-gnats-submit@freebsd.org
Subject: mail.local bug (quota)
X-Send-Pr-Version: 3.2

>Number:         1111
>Category:       bin
>Synopsis:       mail.local will happily deliver mail to a quota'd filesystem
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    scrappy
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 30 10:10:03 PST 1996
>Closed-Date:    Thu Nov 13 15:18:29 PST 1997
>Last-Modified:  Thu Nov 13 15:20:15 PST 1997
>Originator:     Charles Henrich
>Release:        FreeBSD 2.1-STABLE i386
>Organization:
       Charles Henrich     Michigan State University     henrich@msu.edu

                         http://pilot.msu.edu/~henrich
>Environment:

	
        FreeBSD 2.1 (probably all BSD-4.4 derivitives).

>Description:
 
        /usr/libexec/mail.local runs as root.  As such is can fill up a 
        mailbox on a quota'd filesystem, and keep going... Makes quota's
        almost useless in an ISP environment.

	

>How-To-Repeat:

        send a mail message..
	

>Fix:
	
	
        Here's a patch to mail.local (tested, it works) to cause mail.local
        to become the user before delivery is attempted, which will fail for
        overquota.  One note needs to be said about QUOTA's and mail, when
        one enables quota on a mail system sendmail must run a mail.local
        for each message (e.g. no lower m in the args F= in Mprog in 
        sendmail.cf).  If sendmail attempts multiple recipient delivery, and
        any recipient is over quota, the mail will be requeued for delivery
        again later.  Unfortunatly everyone else who was delivered to at the
        same time, without error, will keep getting copies of the message until
        the entire delivery attempt was a success.  This is an inherent flaw
        in mail.local, and not a result of this patch.

*** mail.local.orig.c	Sat Mar 30 12:59:43 1996
--- /tmp/mail.local.c	Sat Mar 30 12:58:11 1996
***************
*** 199 ****
--- 200 ----
+         uid_t saveeuid;
***************
*** 234 ****
--- 236,237 ----
+ 
+ 	saveeuid=geteuid();
***************
*** 235 ****
--- 239 ----
+ 
***************
*** 246 ****
--- 251,259 ----
+ 
+                 /* Now that the box is created and permissions are correct, we
+                    close it and go back to the top so that we will come in 
+                    and write as the user.  We dont seteuid() before the above
+                    open, because we have to be root/bin to write in var/mail */
+ 
+                 close(mbfd);
+                 goto tryagain;
+ 
***************
*** 251 ****
--- 265,272 ----
+ 
+ 		/* Become the user, so quota enforcement will occur */
+ 
+ 		if(seteuid(pw->pw_uid) != 0) {
+ 			warn("Unable to setuid()");
+ 			return;
+ 		}    
+ 
***************
*** 258 ****
--- 280 ----
+                         seteuid(saveeuid);
***************
*** 265 ****
--- 288,289 ----
+                 seteuid(saveeuid);
+ 
***************
*** 285 ****
--- 310 ----
+ 
***************
*** 304 ****
--- 330 ----
+                 seteuid(saveeuid);
***************
*** 311 ****
--- 338 ----
+                 seteuid(saveeuid);
***************
*** 313 ****
--- 341,342 ----
+ 
+         seteuid(saveeuid);
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: scrappy 
State-Changed-When: Mon Oct 21 23:09:23 PDT 1996 
State-Changed-Why:  

Dust off the cobwebs - Confirm Status 
State-Changed-From-To: feedback->closed 
State-Changed-By: scrappy 
State-Changed-When: Tue Oct 22 13:51:44 PDT 1996 
State-Changed-Why:  

Fixed in Rev 1.8 
State-Changed-From-To: closed->open 
State-Changed-By: scrappy 
State-Changed-When: Tue Oct 22 22:05:59 PDT 1996 
State-Changed-Why:  

Re-opened while awaiting a proper context diff patch from Originator 

this one was more of a learning experience then I expected...*sigh* 



Responsible-Changed-From-To: freebsd-bugs->scrappy 
Responsible-Changed-By: scrappy 
Responsible-Changed-When: Tue Oct 22 22:05:59 PDT 1996 
Responsible-Changed-Why:  
Someone has to, no? 
State-Changed-From-To: open->closed 
State-Changed-By: alex 
State-Changed-When: Thu Nov 13 15:18:29 PST 1997 
State-Changed-Why:  
Fixed in rev 1.14 of mail.local.c. 
>Unformatted:
