From henrich@crh.cl.msu.edu  Mon Mar 18 11:50:13 1996
Received: from crh.cl.msu.edu (crh.cl.msu.edu [35.8.1.24])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id LAA28040
          for <FreeBSD-gnats-submit@freebsd.org>; Mon, 18 Mar 1996 11:50:11 -0800 (PST)
Received: (from henrich@localhost) by crh.cl.msu.edu (8.6.12/8.6.12) id OAA06991; Mon, 18 Mar 1996 14:50:09 -0500
Message-Id: <199603181950.OAA06991@crh.cl.msu.edu>
Date: Mon, 18 Mar 1996 14:50:09 -0500
From: henrich@msu.edu
Reply-To: henrich@msu.edu
To: FreeBSD-gnats-submit@freebsd.org
Subject: mail.local doesnt deal with quota's
X-Send-Pr-Version: 3.2

>Number:         1088
>Category:       misc
>Synopsis:       mail.local will happily overfill a users mailbox putting them over quota
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Mar 18 12:00:01 PST 1996
>Closed-Date:    Wed Mar 27 08:50:25 MET 1996
>Last-Modified:  Wed Mar 27 08:51:07 MET 1996
>Originator:     Charles Henrich
>Release:        FreeBSD 2.1-STABLE i386
>Organization:
       Charles Henrich     Michigan State University     henrich@msu.edu

                         http://pilot.msu.edu/~henrich
>Environment:

        2.1.0-RELEASE (all FreeBSD versions actually)

	

>Description:

        mail.local runs with root permissions and as such can fill a users
        mailbox endlessly.  When quota's are turned on this causing no end
        of problems with elm/pine and any other mailer.  Its also a pain in 
        the ass when users are subscribed to a hundred mailling lists and
        filling up your disk.

	

>How-To-Repeat:

        Send email to a user w/ a quota.

	

>Fix:

        Simple fix, seteuid() in mail.local before attempting delivery, then
        seteuid() back when done.  Patch follows:

*** mail.local.c	Tue May 30 01:46:12 1995
--- /sup/usr/src/libexec/mail.local/mail.local.c	Mon Mar 18 14:42:08 1996
***************
*** 199 ****
--- 200 ----
+         uid_t saveeuid;
***************
*** 234 ****
--- 236,237 ----
+ 
+ 	saveeuid=geteuid();
***************
*** 235 ****
--- 239 ----
+ 
***************
*** 246 ****
--- 251,259 ----
+ 
+                 /* Now that the box is created and permissions are correct, we
+                    close it and go back to the top so that we will come in 
+                    and write as the user.  We dont seteuid() before the above
+                    open, because we have to be root/bin to write in var/mail */
+ 
+                 close(mbfd);
+                 goto tryagain;
+ 
***************
*** 251 ****
--- 265,272 ----
+ 
+ 		/* Become the user, so quota enforcement will occur */
+ 
+ 		if(seteuid(pw->pw_uid) != 0) {
+ 			warn("Unable to setuid()");
+ 			return;
+ 		}    
+ 
***************
*** 258 ****
--- 280 ----
+                         seteuid(saveeuid);
***************
*** 262 ****
--- 285,286 ----
+         if(geteuid() == pw->pw_uid) seteuid(saveeuid);
+ 
***************
*** 285 ****
--- 310 ----
+ 
***************
*** 306 ****
--- 332 ----
+ 

	
	

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: joerg 
State-Changed-When: Wed Mar 27 08:50:25 MET 1996 
State-Changed-Why:  
My patch was bogus, I'll have a new one shortly.  I'm just curious what drugs I 
was on at the time! 

>Unformatted:
