348203 – net-mail/relay-ctrl-3.1.1-r2: trying to overstep limit of opened files

Bug 348203 - net-mail/relay-ctrl-3.1.1-r2: trying to overstep limit of opened files

Summary: net-mail/relay-ctrl-3.1.1-r2: trying to overstep limit of opened files

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Server (show other bugs)
Hardware:	All Linux

Importance:	High minor with 1 vote (vote)
Assignee:	Robin Johnson

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2010-12-08 20:22 UTC by Paweł Drewniak
Modified:	2020-05-31 04:58 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Flags:	robbat2: Bugday+

Attachments
Proposed patch for fixing the issue (rlimit.diff,671 bytes, patch) 2010-12-08 20:24 UTC, Paweł Drewniak	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Paweł Drewniak 2010-12-08 20:22:03 UTC

relay-ctrl-chdir uses a function which tries to move a given file descriptor to highest available slot. This uses a loop which ends when dup2() function returns an error - this way the loop will end as soon as dup2() function tries to overstep limit of opened files in system (RLIMIT_NOFILE).

In a hardened kernel, with logging enabled, there are lots of messages like this:


grsec: denied resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 for /usr/bin/relay-ctrl-chdir[relay-ctrl-chdi:3776] uid/euid:89/89 gid/egid:89/89, parent /usr/lib64/courier-imap/couriertcpd[couriertcpd:2370] uid/euid:0/0 gid/egid:0/0

In a normal kernel, it is probably not noticeable.

I wrote a simple patch for checking against RLIMIT_NOFILE to end the loop before overstepping the limit - this stopped the log flood, although I am not sure if the patch is written cleanly enough (maybe the function should be rewritten) - anyway, please see the attachment.

Cheers,
Pawel


Reproducible: Always

Steps to Reproduce:
1. Use relay-ctrl for SMTP relay control and grsecurity kernel
2. Have relay-ctrl-chdir invoked
3. Observe a warning in dmesg

Actual Results:  
The following warning is produced:

grsec: denied resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 for /usr/bin/relay-ctrl-chdir[relay-ctrl-chdi:3776] uid/euid:89/89 gid/egid:89/89, parent /usr/lib64/courier-imap/couriertcpd[couriertcpd:2370] uid/euid:0/0 gid/egid:0/0


Expected Results:  
There should be no warning (so there should be no cause for it).

Comment 1 Paweł Drewniak 2010-12-08 20:24:40 UTC

Created attachment 256688 [details, diff]
Proposed patch for fixing the issue

Comment 2 Larry the Git Cow gentoo-dev

2020-05-31 04:58:27 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=160ea25bdf79c86107ac0659146db4e76c4b5166

commit 160ea25bdf79c86107ac0659146db4e76c4b5166
Author:     Robin H. Johnson <robbat2@gentoo.org>
AuthorDate: 2020-05-31 04:41:34 +0000
Commit:     Robin H. Johnson <robbat2@gentoo.org>
CommitDate: 2020-05-31 04:46:52 +0000

    net-mail/relay-ctrl: fix grsec RLIMIT_NOFILE overstep
    
    Closes: https://bugs.gentoo.org/348203
    Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>

 .../files/relay-ctrl-3.1.1-NOFILE-overstep.patch   | 25 ++++++++++++++++++++++
 net-mail/relay-ctrl/relay-ctrl-3.1.1-r3.ebuild     |  1 +
 2 files changed, 26 insertions(+)