Created attachment 494526 [details] spamass-milter.rc5 The init script for spamass-milter gives ownership of its PID file directory to the daemon's runtime user: checkconfig() { if [ ! -d ${piddir:=/var/run/milter} ]; then checkpath -q -d -o milter:milter -m 0755 ${piddir} || return 1 fi This can be exploited by the "milter" user to kill root processes, since when the service is stopped, root will send a SIGTERM to the contents of that file. I've rewritten the init script to work around this. The spamass-milter can't drop privileges on its own, so instead of using the daemon-created PID file, I had the daemon run in the foreground and let OpenRC manage the PID file at /run/spamass-milter.pid. I also cleaned up the socket code and the retry/wait stuff during start/stop. I've restarted the daemon a bunch of times with no problem. If it's all the same, I would also suggest that we make the $SOCKET path something like /run/milter/${RC_SVCNAME}.sock (which happens to be the default, anyway). The fact that we change ownership of the directory containing that variable is a little sneaky, and could mess up users' systems if they put e.g. SOCKET=/run/foo.sock. If the value was fixed at SOCKET=/run/milter/${RC_SVCNAME}.sock, then we could hard code the "checkpath" call to affect /run/milter.
Created attachment 494528 [details] spamass-milter.conf4
Created attachment 494530 [details] spamass-milter.rc5
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c3b2530968d44c5e46fad371b300bd643e1e934 commit 8c3b2530968d44c5e46fad371b300bd643e1e934 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2019-04-24 12:49:05 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2019-04-24 12:50:13 +0000 package.mask: Last rite mail-filter/spamass-milter Bug: https://bugs.gentoo.org/630986 Signed-off-by: Michał Górny <mgorny@gentoo.org> profiles/package.mask | 7 +++++++ 1 file changed, 7 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30a7ed2d867921b830e8f2329519fdb34ab9cb5f commit 30a7ed2d867921b830e8f2329519fdb34ab9cb5f Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2019-05-28 13:32:15 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2019-05-28 13:32:41 +0000 mail-filter/spamass-milter: Remove last-rited pkg Bug: https://bugs.gentoo.org/630986 Signed-off-by: Michał Górny <mgorny@gentoo.org> mail-filter/spamass-milter/Manifest | 1 - mail-filter/spamass-milter/files/README.gentoo | 52 ------------ .../files/spamass-milter-auth_users.patch | 92 ---------------------- .../spamass-milter/files/spamass-milter.conf3 | 29 ------- .../spamass-milter/files/spamass-milter.rc4 | 54 ------------- mail-filter/spamass-milter/metadata.xml | 5 -- .../spamass-milter/spamass-milter-0.3.2.ebuild | 41 ---------- profiles/package.mask | 7 -- 8 files changed, 281 deletions(-)
Removed over a year ago so no GLSA, tree is clean, closing.