mail-filter/procmail-3.22-r6 doesn't read $HOME/.procmailrc if it's $HOME is mounted via NFS with root_squash in effect and uses restrictive permissions (i.e. 0700). I'm marking this as severity=major since it means procmail is unusable on my system (homedirs are always set to 0700 for privacy reasons). Reproducible: Always Steps to Reproduce: 1. chmod 700 /home/sascha 2. echo test|mail -s test sascha@cube.sascha.silbe.org Actual Results: Excerpt of strace on the qmail-lspawn process (that spawns procmail): 2000 setgroups32(17, [100, 4, 10, 11, 16, 18, 19, 20, 1004, 27, 35, 80, 245, 250, 120, 1033, 1037]) = 0 2000 uname({sys="Linux", node="cube", ...}) = 0 2000 stat64("/var/spool/mail/", {st_mode=S_IFDIR|0775, st_size=1024, ...}) = 0 2000 setgid32(12) = 0 2000 lstat64("/var/spool/mail/sascha", {st_mode=S_IFREG|0600, st_size=1766896, ...}) = 0 2000 lstat64("/var/spool/mail/sascha.lock", 0xbffffa3c) = -1 ENOENT (No such file or directory) 2000 umask(077) = 077 2000 open("/etc/procmailrc", O_RDONLY) = 4 [...] 2000 stat64("/home/sascha/.procmailrc", 0xbffffa3c) = -1 EACCES (Permission denied) 2000 open("/home/sascha/.procmailrc", O_RDONLY) = -1 EACCES (Permission denied) 2000 setuid32(1000) = 0 As you see, procmail returns to normal user permissions just _after_ trying to read the personal config file, thus triggering root_squash on the NFS homedir. It might even be bad security-wise since ~/.procmailrc could be a SymLink to some file readable only by root. Expected Results: Either return to normal user rights as soon as possible (especially before trying to access any user-owned files) or don't install procmail as setuid-root. BTW: Why is it setuid-root, anyway? It's just a mail filter, after all. Gentoo Base System version 1.4.16 Portage 2.0.51-r15 (default-linux/x86/2004.0, gcc-3.3.5, glibc-2.3.4.20040808-r1, 2.6.10-infra-r2-cube-1 i686) ================================================================= System uname: 2.6.10-infra-r2-cube-1 i686 AMD Athlon(tm) XP 1700+ Python: dev-lang/python-2.3.4-r1 [2.3.4 (#1, Feb 8 2005, 02:37:46)] distcc 2.16 i586-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] ccache version 2.3 [enabled] dev-lang/python: 2.3.4-r1 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.5, 1.7.9-r1, 1.4_p6, 1.9.4, 1.6.3, 1.8.5-r3 sys-devel/binutils: 2.15.92.0.2-r1 sys-devel/libtool: 1.5.10-r4 virtual/os-headers: 2.6.8.1-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-march=pentium -mcpu=athlon-tbird -O3 -pipe" CHOST="i586-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /usr/vice/etc /var/qmail/alias /var/qmail/control" CONFIG_PROTECT_MASK="/etc/afs/C /etc/afs/afsws /etc/afs/modload /etc/gconf /etc/make.globals /etc/terminfo /etc/env.d" CXXFLAGS="-march=pentium -mcpu=athlon-tbird -O3 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig ccache collision-protect distlocks fixpackages sandbox sfperms strict test userpriv usersandbox" GENTOO_MIRRORS="ftp://ftp.easynet.nl/mirror/gentoo/ http://gentoo.inode.at/ ftp://gentoo.inode.at/source/" LANG="en_US" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp/portage" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage-local--main--1.0" SYNC="rsync://hybrid.sascha.silbe.org/gentoo-portage" USE="x86 3dnow S3TC X acl afs alsa apm avi bash-completion berkdb bitmap-fonts blas bzlib cdr crypt curl doc dvd dvdr emboss encode f77 fam flac font-server foomaticdb fortran gdbm gif gimpprint gtk gtk2 gtkhtml guile hbci imagemagick imap imlib ipv6 j-noaim j-nomsn j-noyahoo jabber jpeg kerberos lapack lcms libg++ libwww lvm1 mad maildir makecheck mbox mikmod mmx monitor mozsvg mpeg mysql nas ncurses nls nodrm offensive oggvorbis opengl oss pam pdflib plotutils png postgres python qt qtmt quicktime readline samba scanner sdl serial skey spell sqlite sse ssl tetex tiff truetype truetype-fonts type1-fonts unicode xml xml2 xv xvid zlib linguas_en,de" Unset: ASFLAGS, CBUILD, CTARGET, LC_ALL, LDFLAGS
> As you see, procmail returns to normal user permissions just _after_ trying to read the personal config file, thus triggering root_squash on the NFS homedir. Well... this is an UPSTREAM thing. > Why is it setuid-root, anyway? It's just a mail filter, after all. maildrop also installs as setuid-root; it is needed to gain user privileges when invoqued with a non-privileged account such as mail. I don't want to close this as RESOLVED->UPSTREAM; but is more an upstream bug than gentoo-related bug. Cheers, Ferdy
This is an upstream bug if it is actually a bug. Cheers, Ferdy