From timon@netherworld.ru  Fri Jun 28 05:15:44 2002
Return-Path: <timon@netherworld.ru>
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BA43D37B400
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 28 Jun 2002 05:15:43 -0700 (PDT)
Received: from netherworld.ru (memphis.mephi.ru [194.67.67.234])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A426343E06
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 28 Jun 2002 05:15:29 -0700 (PDT)
	(envelope-from timon@netherworld.ru)
Received: from netherworld.ru (localhost [127.0.0.1])
	by netherworld.ru (8.12.3/8.12.3) with ESMTP id g5SC81C9049971
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 28 Jun 2002 16:08:01 +0400 (MSD)
	(envelope-from timon@netherworld.ru)
Received: (from timon@localhost)
	by netherworld.ru (8.12.3/8.12.3/Submit) id g5SC81CR049970;
	Fri, 28 Jun 2002 16:08:01 +0400 (MSD)
Message-Id: <200206281208.g5SC81CR049970@netherworld.ru>
Date: Fri, 28 Jun 2002 16:08:01 +0400 (MSD)
From: "Artem 'Zazoobr' Ignatjev" <timon@netherworld.ru>
Reply-To: "Artem 'Zazoobr' Ignatjev" <timon@netherworld.ru>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Sendmail 8.12.3 and `msgs' alias
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         39951
>Category:       misc
>Synopsis:       Sendmail 8.12.3 and `msgs' alias
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    gshapiro
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 28 05:20:01 PDT 2002
>Closed-Date:    Sat Feb 08 11:04:14 PST 2003
>Last-Modified:  Sat Feb 08 11:04:14 PST 2003
>Originator:     Artem 'Zazoobr' Ignatjev
>Release:        FreeBSD 4.6-RELEASE i386
>Organization:
NetherWorld Ultima Online Server
>Environment:
System: FreeBSD netherworld.ru 4.6-RELEASE FreeBSD 4.6-RELEASE #0: Fri Jun 14 12:49:08 MSD 2002 root@netherworld.ru:/usr/obj/usr/src/sys/NETHER i386


	
>Description:
The `msgs'(1) alias in the aliases(5) file doesn't work.
After uncommenting the corresponding line in the aliases(5) file and rebuilding the aliases table, trying to mail the `msgs' user results in an error (see log lines):

Jun 28 15:45:46 netherworld sm-mta[47911]: g5SBjjC9047909: to="| /usr/bin/msgs -s", ctladdr=msgs@netherworld.ru (26/0), delay=00:00:01, xdelay=00:00:00, mailer=prog, pri=30616, dsn=5.3.0, stat=unknown mailer error 13
Jun 28 15:45:46 netherworld sm-mta[47911]: g5SBjjC9047909: g5SBjkC9047911: DSN: unknown mailer error 13
and the following in my mailbox:
[skip]
    ------ Transcript of session follows -----
msgs: /var/msgs/bounds: permission denied
	
>How-To-Repeat:
Uncomment the corresponding line in the aliases(5) file, run newaliases, then mail(1) the msgs user.
	
>Fix:
Don't know yet, but:
	replacing the `aliases' command with a simple script calling 'id | logger', I got this line in the logs:
Jun 28 15:52:31 netherworld root: uid=26(mailnull) gid=26(mailnull) groups=26(mailnull) 
	while `ls -la /var/msgs/` shows:

total 5
drwxr-xr-x   2 daemon  wheel  512 28  15:48 .
drwxr-xr-x  21 root    wheel  512 17  12:21 ..
-rw-r--r--   1 root    wheel   57 28  15:48 1
-rw-r--r--   1 root    wheel   54 28  15:48 2
-rw-r--r--   1 root    wheel    4 28  15:48 bounds
	


>Release-Note:
>Audit-Trail:

From: "Artem 'Zazoobr' Ignatjev" <timon@netherworld.ru>
To: freebsd-bugs@FreeBSD.org, FreeBSD-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: misc/39951: Sendmail 8.12.3 and `msgs' alias
Date: Thu, 11 Jul 2002 15:09:02 +0400 (MSD)

  On Fri, Jun 28, 2002 at 05:20:01AM -0700, FreeBSD-gnats-submit@FreeBSD.org wrote:
  > Thank you very much for your problem report.
  > It has the internal identification `misc/39951'.
  > The individual assigned to look at your
  > report is: freebsd-bugs. 
  > 
  > >Category:       misc
  > >Responsible:    freebsd-bugs
  > >Synopsis:       Sendmail 8.12.3 and `msgs' alias
  > >Arrival-Date:   Fri Jun 28 05:20:01 PDT 2002
  More digging led me to the following hack (msgs will now be suid, so if it
  can be exploited, that'll be one more hole):
  I've also noted that the first time BINMODE was set incorrectly (4755 instead of 4555)
  
  ---- Begin patch ----
  diff -U 3 -r usr.bin/msgs/Makefile usr.bin/msgs/Makefile
  --- usr.bin/msgs/Makefile	Wed Jul 10 20:44:12 2002
  +++ usr.bin/msgs/Makefile	Wed Jul 10 20:41:08 2002
  @@ -4,5 +4,6 @@
   PROG=	msgs
   DPADD=	${LIBTERMCAP}
   LDADD=	-ltermcap
  +BINMODE= 4555
   
   .include <bsd.prog.mk>
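Review bot: the added `BINMODE= 4555` line sets the set-user-ID bit without a matching `BINOWN`, so the binary becomes setuid to whatever owner the install defaults to rather than to an account chosen for the spool. The listing in the report shows /var/msgs owned by daemon, so if the setuid approach is kept, the Makefile should name that owner explicitly and carry a comment saying why msgs needs the bit. The submitter's own remark that this adds one more potentially exploitable setuid program argues for fixing the ownership of /var/msgs instead of changing the binary's mode.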
  diff -U 3 -r usr.bin/msgs/msgs.c usr.bin/msgs/msgs.c
  --- usr.bin/msgs/msgs.c	Wed Jul 10 20:40:12 2002
  +++ usr.bin/msgs/msgs.c	Wed Jul 10 20:41:21 2002
  @@ -179,7 +179,7 @@
   	setlocale(LC_ALL, "");
   
   	time(&t);
  -	setuid(uid = getuid());
  +	setuid(uid = geteuid());
   	ruptible = (signal(SIGINT, SIG_IGN) == SIG_DFL);
   	if (ruptible)
   		signal(SIGINT, SIG_DFL);
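Review bot: on the changed line, `setuid(uid = geteuid())` makes `uid` hold the effective ID and keeps the elevated identity for the rest of the run, where the original line dropped to the real user. Combined with the set-user-ID mode from the Makefile hunk, any later use of `uid` to identify the invoking user would see the file owner instead, and every file operation after this point runs with the owner's privileges. The return value of `setuid()` is also unchecked. If privilege is needed at all, keep `uid = getuid()` for identity, limit the elevated ID to the accesses under /var/msgs, drop it afterwards and check the result of the drop.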
  ----  End patch  ----
  
  Directions: apply this standing in source tree root (shake well before
  using :-) )
 
 			Sinceherely yours, Artem 'Zazoobr' Ignatjev.
 --- Unix is like a wigwam: No windows, no gates and an apache inside.

From: Volker Stolz <vs@lambda.foldr.org>
To: freebsd-gnats-submit@FreeBSD.org, timon@netherworld.ru
Cc:  
Subject: Re: misc/39951: Sendmail 8.12.3 and `msgs' alias
Date: Fri, 9 Aug 2002 12:19:39 +0200

 I've just been bitten by this one, too. It looks as if
 making /var/msgs owned by smmsp suffices. Cleaning up
 with `msgs -c' as root from /etc/periodic works, too.
 
 I suggest fixing permission /etc/mtree/BSD.var.dist
 and leaving a comprehensive note for people
 not using the in-tree sendmail with smmsp.
 -- 
 "Mixed materials // Formerly: residual waste"
 Label on a container, computer science parking lot
 http://lambda.foldr.org/~vs/ * PGP * S/MIME
Responsible-Changed-From-To: freebsd-bugs->gshapiro 
Responsible-Changed-By: gshapiro 
Responsible-Changed-When: Sat Feb 8 10:54:46 PST 2003 
Responsible-Changed-Why:  
Over to sendmail maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=39951 
State-Changed-From-To: open->closed 
State-Changed-By: gshapiro 
State-Changed-When: Sat Feb 8 11:00:33 PST 2003 
State-Changed-Why:  
I've checked in a comment in /etc/mail/aliases for both CURRENT and STABLE 
which gives users instructions on how to make msgs work properly: 

# NOTE: /var/msgs and /var/msgs/bounds must be owned by sendmail's 
#       DefaultUser (defaults to mailnull) for the msgs alias to work. 
# 
# msgs: "| /usr/bin/msgs -s" 

I don't want to give msgs any special permissions nor do I want to 
make the default permissions on /var/msgs allow for program delivery. 
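
The ownership requirement in the aliases comment above can be checked before the alias is enabled. The following is an added example, not part of the PR or of FreeBSD's own code; `owner_uid` and `check_msgs_spool` are hypothetical names, and treating a missing bounds file as a failure is an assumption of the example.

```shell
#!/bin/sh
# Added example (not from the PR): verify that the msgs spool directory and
# its bounds file are owned by the uid that sendmail's prog mailer runs as.
# Function names are hypothetical.

# Print the numeric owner uid of a path. `ls -n` is POSIX, so this works
# with both BSD and GNU userlands.
owner_uid() {
    ls -ldn -- "$1" 2>/dev/null | awk '{ print $3 }'
}

# check_msgs_spool DIR UID
# Returns 0 when DIR and DIR/bounds are both owned by UID, 1 otherwise,
# printing one line per path that would make program delivery fail.
check_msgs_spool() {
    dir=$1 want=$2 rc=0
    for path in "$dir" "$dir/bounds"; do
        have=$(owner_uid "$path")
        if [ -z "$have" ]; then
            # Assumption of this example: a missing path counts as a failure.
            echo "MISSING  $path"
            rc=1
        elif [ "$have" != "$want" ]; then
            echo "MISMATCH $path owner uid=$have, delivery runs as uid=$want"
            rc=1
        fi
    done
    return $rc
}

# On a real system, with mailnull as the DefaultUser named in the comment:
#   check_msgs_spool /var/msgs "$(id -u mailnull)"
```

With the listing from the original report (directory owned by daemon, bounds owned by root, delivery as uid 26), both paths would be reported as mismatches.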


>Unformatted:
