From nobody@FreeBSD.org  Tue Jun 12 08:47:05 2007
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 21B0216A469
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 12 Jun 2007 08:47:05 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [69.147.83.33])
	by mx1.freebsd.org (Postfix) with ESMTP id 0839D13C4BA
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 12 Jun 2007 08:47:04 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id l5C8l4is005844
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 12 Jun 2007 08:47:04 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id l5C8l3AT005843;
	Tue, 12 Jun 2007 08:47:03 GMT
	(envelope-from nobody)
Message-Id: <200706120847.l5C8l3AT005843@www.freebsd.org>
Date: Tue, 12 Jun 2007 08:47:03 GMT
From: catalin miclaus<catalin@starcomms.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Amavisd-new clean ports install user vscan could not access /usr/local/mail/spamassassin directory
X-Send-Pr-Version: www-3.0

>Number:         113616
>Category:       ports
>Synopsis:       security/Amavisd-new clean ports install user vscan could not access /usr/local/mail/spamassassin directory
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    gabor
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 12 08:50:03 GMT 2007
>Closed-Date:    Tue Jun 12 17:44:13 GMT 2007
>Last-Modified:  Tue Jun 12 17:44:13 GMT 2007
>Originator:     catalin miclaus
>Release:        6.2 and 6.1
>Organization:
Starcomms Ltd.
>Environment:
FreeBSD xxx.xxxx.xxx 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 11:05:30 UTC 2007     root@dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/SMP  i386
>Description:
Amavisd-new clean install from ports on FreeBSD 6.2 clean install.

[root@mail p5-Mail-SpamAssassin]# amavisd debug-sa "/var/amavis/amavisd.pid" already exists.  Overwriting!
[45082] dbg: logger: adding facilities: all [45082] dbg: logger: logging level is DBG [45082] dbg: generic: SpamAssassin version 3.2.0 [45082] dbg: config: score set 0 chosen.
[45082] dbg: util: running in taint mode? yes [45082] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [45082] dbg: util: PATH included '/usr/local/sbin', keeping [45082] dbg: util: PATH included '/usr/local/bin', keeping [45082] dbg: util: PATH included '/usr/sbin', keeping [45082] dbg: util: PATH included '/sbin', keeping [45082] dbg: util: PATH included '/usr/bin', keeping [45082] dbg: util: PATH included '/bin', keeping [45082] dbg: util: final PATH set to: /usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin
[45082] dbg: dns: is Net::DNS::Resolver available? yes [45082] dbg: dns: Net::DNS version: 0.59 [45082] dbg: ignore: test message to precompile patterns and load modules
config: could not find site rules directory [45082] dbg: config: using "/usr/local/share/spamassassin" for sys rules pre files [45082] dbg: config: using "/usr/local/share/spamassassin" for default rules dir [45082] dbg: config: read file /usr/local/share/spamassassin/10_default_prefs.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/20_advance_fee.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/20_body_tests.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/20_compensate.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/20_dnsbl_tests.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/20_drugs.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/20_dynrdns.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/20_fake_helo_tests.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/20_head_tests.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/20_html_tests.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/20_imageinfo.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/20_meta_tests.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/20_net_tests.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/20_phrases.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/20_porn.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/20_ratware.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/20_uri_tests.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/20_vbounce.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/23_bayes.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/25_accessdb.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/25_antivirus.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/25_asn.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/25_dcc.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/25_dkim.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/25_domainkeys.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/25_hashcash.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/25_pyzor.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/25_razor2.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/25_replace.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/25_spf.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/25_textcat.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/25_uribl.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/30_text_de.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/30_text_fr.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/30_text_it.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/30_text_nl.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/30_text_pl.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/30_text_pt_br.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/50_scores.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/60_awl.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/60_shortcircuit.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/60_whitelist.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/60_whitelist_dk.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/60_whitelist_dkim.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/60_whitelist_spf.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/60_whitelist_subject.cf
[45082] dbg: config: read file /usr/local/share/spamassassin/72_active.cf
[45082] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA [45082] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E [45082] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E __MO_OL_F3B05 [45082] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 [45082] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA [45082] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: HS_SUBJ_NEW_SOFTWARE [45082] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: __HAS_MSMAIL_PRI [45082] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A [45082] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 __MO_OL_CF0C0 [45082] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 [45082] dbg: rules: __X
 M_OL_5E7ED merged duplicates: __XM_OL_D03AB [45082] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 __MO_OL_ADFF7 [45082] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 [45082] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB __MO_OL_7533E [45082] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 [45082] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI [45082] dbg: rules: __XM_OL_C7C33 merged duplicates: __XM_OL_C9068 __XM_OL_EF20B [45082] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E [45082] dbg: rules: __MO_OL_5E7ED merged duplicates: __MO_OL_C7C33 [45082] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 [45082] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 [45082] dbg: conf: finish parsing [45082] dbg: bayes: no dbs present, cannot tie DB R/O: /var/amavis/var/.spamassassin/bayes_toks
[45082] dbg: config: score set 0 chosen.
[45082] dbg: message: main message type: text/plain [45082] dbg: message: ---- MIME PARSER START ---- [45082] dbg: message: parsing normal part [45082] dbg: message: ---- MIME PARSER END ---- [45082] dbg: bayes: no dbs present, cannot tie DB R/O: /var/amavis/var/.spamassassin/bayes_toks
Suicide () TROUBLE in pre_loop_hook: check: no loaded plugin implements 'check_main': cannot scan! at /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 164.

Easy to identify by suid to vscan user and try listing /usr/local/etc/mail/spamassassin directory.
You will get a permission denied.
>How-To-Repeat:
cd /usr/ports/security/amavisd-new
make install clean

su vscan

ls /usr/local/etc/mail/spamassassin
permission denied
>Fix:
We have to fix permission on /usr/local/etc/mail and subdirectories like this:

drwxr-xr-x   3 root  wheel     512 Jun  8 13:21 mail

Default permission were like this:

drwx------   3 root  wheel     512 Jun  8 13:21 mail

We would appreciate if this can be done automatically by amavisd-new ports install.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->gabor 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Tue Jun 12 09:38:03 UTC 2007 
Responsible-Changed-Why:  
Over to maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=113616 
State-Changed-From-To: open->closed 
State-Changed-By: gabor 
State-Changed-When: Tue Jun 12 17:41:14 UTC 2007 
State-Changed-Why:  
Dear Catalin, 

the spamassassin directory is installed by SpamAssassin and not by amavisd-new 
directly, thus it is not correct to change that from the amavisd-new port. 
You should still fine-tune that, or please try to send an another ticket for 
SpamAssassin and ask the maintainer to install those files with world read 
if possible. 
Thanks for your report anyway! 

Regards, 
Gabor 

http://www.freebsd.org/cgi/query-pr.cgi?pr=113616 
>Unformatted:
