Message-ID: <939d53060803191052o2f43b75cu426d51f9f24e2a46@mail.gmail.com>
Date:	Wed, 19 Mar 2008 18:52:41 +0100
From:	"Benjamin Thery" <ben.thery@...il.com>
To:	"Tilman Schmidt" <tilman@...p.cc>
Cc:	"Andrew Morton" <akpm@...ux-foundation.org>,
	linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
	"David Miller" <davem@...emloft.net>, pekkas@...core.fi,
	yoshfuji@...ux-ipv6.org, "Daniel Lezcano" <dlezcano@...ibm.com>,
	"Pavel Emelyanov" <xemul@...nvz.org>
Subject: Re: [2.6.25-rc5-mm1] regression: cannot run Postfix sendmail command as non-root

Tilman,

I've finally managed to reproduce your problem with Postfix on one of my victims.

Earlier, in the afternoon, I wrote a piece of code that triggered a similar behaviour,
but I wasn't sure it was exactly the problem you found. So, I've rebuilt Postfix, added
some traces and, voila, same issue as yours.
(The version of Postfix originally installed on my machine seems to have IPv6 disabled)

I bisected the problem to the commit "[NET]: Make /proc/net a symlink on /proc/self/net (v3)"

Here is what happens:

- Recently /proc/net has been moved to /proc/self/net, and /proc/self/net is a symlink
  on this directory.
- Before that everybody could access /proc/net and read /proc/net/if_inet6:
   dr-xr-xr-x   6 root      root              0 2008-03-05 15:23 /proc/net

- Now, /proc/self/net has a more restrictive access mode and only the owner of the
  process can enter the directory:
  dr-xr--r-- 5 toto toto 0 Mar 19 17:30 net

  This is not a problem in most of the cases, but it becomes annoying when a process
  decides to change its UID or GID. It may lose access to its own /proc/self/net entries.

- What happens in the Postfix case is the 'sendmail' process executes the
   '/usr/sbin/postdrop' binary to enqueue the message, but unfortunately
   '/usr/bin/postdrop' has the setgid bit set:
   -rwxr-sr-x 1 root postdrop 479475 Mar 19 17:14 /usr/sbin/postdrop

   The process egid changes and this seems to be problematic to access
   /proc/self/net/if_inet6. :)

I've attached a tiny test program that can be used to reproduce the problem
without Postfix.
- Either execute it as root and give it an unprivileged uid in argument
  ./test-proc_net_if_inet6 1001

- Or change its ownership and access mode to: -rwxr-sr-x root postdrop
  and execute it as a lambda user.
   chown root:postdrop test-proc_net_if_inet6; chmod 2755 test-proc_net_if_inet6
   ./test-proc_net_if_inet6

I've found the cause but not the fix. :)
(Adding Pavel in cc:)

Regards,
Benjamin


On Thu, Mar 13, 2008 at 8:48 PM, Tilman Schmidt <tilman@...p.cc> wrote:
> On 11.03.2008 09:14, Andrew Morton wrote:
>  > ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.25-rc5/2.6.25-rc5-mm1/
>
>  I'm noticing a strange effect with this:
>
>  On my openSUSE 10.3 development machine with SUSEs default MTA
>  Postfix installed, I occasionally send a pre-formatted mail by
>  feeding it directly into "/usr/sbin/sendmail -t". If I try that
>  while running a 2.6.25-rc5-mm1 kernel, I get:
>
>  ts@...on:~/kernel> /usr/sbin/sendmail -t < patch-usb-reduce-syslog-clutter-v3
>  postdrop: warning: can't open /proc/net/if_inet6 (Permission denied) - skipping IPv6 configuration
>  postdrop: fatal: parameter inet_interfaces: no local interface found for ::1
>  sendmail: warning: command "/usr/sbin/postdrop -r" exited with status 1
>  sendmail: fatal: ts(1000): unable to execute /usr/sbin/postdrop -r: Success
>  ts@...on:~/kernel>
>
>  and unsurprisingly, the mail is not sent. If I do the same as root,
>  everything works as usual, there is no console output from the
>  sendmail command, and the mail goes out as it should. All other
>  networking applications appear to be running normally.
>
>  On a 2.6.25-rc5 (non-mm) kernel I do not need to run the sendmail
>  command as root. It works just as well if I run it as myself.
>
>  IPv6 is not in use on that machine. The Ethernet interface has
>  just the link local IPv6 address. Possibly relevant information:
>
>  ts@...on:~> /sbin/ifconfig -a
>  eth0      Protokoll:Ethernet  Hardware Adresse 00:19:D1:03:D8:FF
>           inet Adresse:192.168.59.102  Bcast:192.168.59.255  Maske:255.255.255.0
>           inet6 Adresse: fe80::219:d1ff:fe03:d8ff/64 Gültigkeitsbereich:Verbindung
>           UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:78 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:145 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 Sendewarteschlangenlänge:100
>           RX bytes:9547 (9.3 Kb)  TX bytes:17952 (17.5 Kb)
>           Speicher:92c00000-92c20000
>
>  lo        Protokoll:Lokale Schleife
>           inet Adresse:127.0.0.1  Maske:255.0.0.0
>           inet6 Adresse: ::1/128 Gültigkeitsbereich:Maschine
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:2 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 Sendewarteschlangenlänge:0
>           RX bytes:100 (100.0 b)  TX bytes:100 (100.0 b)
>
>  ts@...on:~/kernel> ls -l /proc/net/if_inet6
>  -r--r--r-- 1 root root 0 13. Mär 19:26 /proc/net/if_inet6
>  ts@...on:~> cat /proc/net/if_inet6
>  fe800000000000000219d1fffe03d8ff 02 40 20 80     eth0
>  00000000000000000000000000000001 01 80 10 80       lo
>  ts@...on:~> uname -a
>  Linux xenon 2.6.25-rc5-mm1-testing #1 SMP PREEMPT Tue Mar 11 14:34:49 CET 2008 i686 i686 i386 GNU/Linux
>
>  As you see, I can cat /proc/net/if_inet6 as regular (non-root) user
>  just fine, even though Postfix complains it cannot access it.
>  The content of /proc/net/if_inet6 is identical if I cat it on
>  kernel 2.6.25-rc5 mainline.
>
>  CCing a selection of IPv6 networking related maintainer addresses.
>  If you need more information or want me to test something, let me
>  know.
>
>  HTH
>  T.
>
>  --
>  Tilman Schmidt                          E-Mail: tilman@...p.cc
>  Bonn, Germany
>  This message consists of 100% recycled bits.
>  Unopened, best before: (see reverse side)
>
>

View attachment "test-proc_net_if_inet6.c" of type "text/x-csrc" (497 bytes)
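
The check described in the message, as an added example; this is not the attached test-proc_net_if_inet6.c, whose contents are not reproduced on this page. It models the search-permission decision for the two directory modes quoted above and then probes /proc/net/if_inet6 after an optional uid/gid drop; the function names and the simplified permission model are assumptions of this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Classic owner/group/other check for the search (x) bit of a directory.
 * Simplified: ignores supplementary groups and root's capability override. */
int search_allowed(mode_t mode, uid_t owner, gid_t group, uid_t euid, gid_t egid)
{
    if (euid == owner)
        return (mode & S_IXUSR) != 0;
    if (egid == group)
        return (mode & S_IXGRP) != 0;
    return (mode & S_IXOTH) != 0;
}

/* Returns 0 if path opens read-only, otherwise the errno from open(2). */
int try_open(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

int main(int argc, char **argv)
{
    struct stat st;
    if (argc > 1) {   /* when run as root: drop to the given id, group first */
        long id = strtol(argv[1], NULL, 10);
        if (setgid((gid_t)id) != 0 || setuid((uid_t)id) != 0) {
            perror("setgid/setuid");
            return 2;
        }
    }
    if (stat("/proc/self/net", &st) == 0)
        printf("/proc/self/net: mode %04o owner %u:%u, caller %u:%u, search %s\n",
               (unsigned)(st.st_mode & 07777), (unsigned)st.st_uid,
               (unsigned)st.st_gid, (unsigned)geteuid(), (unsigned)getegid(),
               search_allowed(st.st_mode, st.st_uid, st.st_gid, geteuid(),
                              getegid()) ? "allowed" : "denied");
    int err = try_open("/proc/net/if_inet6");
    printf("open(/proc/net/if_inet6): %s\n", err ? strerror(err) : "ok");
    return err != 0;
}
```

With the old mode (dr-xr-xr-x) the model allows any caller to enter the directory; with dr-xr--r-- only a caller whose effective uid matches the directory owner gets through, so comparing the printed owner with the caller's ids shows which side of the check a setgid or uid-dropping process lands on.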
