Submitted by aitte on Fri, 02/15/2013 - 01:07
the per-domain /etc/webmin/virtual-server/procmail/13607973039749 has "DROPPRIVS=yes"
then it runs spam/virus scanning.
then control returns to /etc/procmailrc, which now has no more root access.
this breaks procmail. makes it impossible to write to root-owned logs, run other tools that require root access, etc. in my case, some tools want to generate email messages (like status, bounce, etc), but if we have DROPPRIVS and user has no more quota left, then this fails.
please consider moving DROPPRIVS to the bottom of the file, when it is time for ~/.procmailrc but not earlier
Status: Closed (fixed)
Comments
Submitted by JamieCameron on Fri, 02/15/2013 - 01:39 Comment #1
That would mean that spam scanning would be run as root, rather than the user who is receiving email, which is probably not what most users want.
However, it is possible to customize /etc/procmailrc as you like to suit your site. Virtualmin can be prevented from editing it by turning off the spam and virus features on the Features and Plugins page.
Submitted by aitte on Fri, 02/15/2013 - 01:57 Comment #2
i suppose it's not as safe yeah... the main problem for me is that various things i execute from /etc/procmailrc want to write to log files, and they die (yes, die) because they can't. i will have to look into disabling logging and so on, to make it work as non-root. i can't simply move them to above the "INCLUDERC" because I want spam and virus scanning to take place first.
Submitted by aitte on Fri, 02/15/2013 - 02:14 Comment #3
well, that worked.
before (when i allowed logging):
after, when i forcibly override logging config values in my call from procmailrc, no more issues not running as root.
let this be a warning to other people: don't run things that try to write to root-owned files from your /etc/procmailrc. it won't work since the per-site procmailrc has dropped privileges ;)
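An added example, not part of the original thread and not Virtualmin's own code: a small checker that follows INCLUDERC from /etc/procmailrc and lists every recipe action or LOGFILE setting reached after DROPPRIVS=yes, i.e. everything that will run as the recipient user rather than root. The rc contents, the `status-tool` path, the plain `VIRTUALMIN=` assignment and the simplified recipe parsing are assumptions constructed for illustration.

```python
import re

ASSIGN = re.compile(r"^([A-Za-z_]\w*)\s*=\s*(.*)$")

def expand(value, env):
    """Expand $VAR / ${VAR} from earlier assignments (unknown names become empty)."""
    return re.sub(r"\$\{?(\w+)\}?", lambda m: env.get(m.group(1), ""), value.strip("\"'"))

def unprivileged_actions(path, files, env=None, state=None):
    """List (file, line number, text) of actions and LOGFILE settings that are
    reached after DROPPRIVS=yes, following INCLUDERC into other rc files."""
    env = {} if env is None else env
    state = {"dropped": False} if state is None else state
    found, in_recipe = [], False
    for n, raw in enumerate(files.get(path, "").splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith(":0"):           # recipe header
            in_recipe = True
        elif in_recipe and line.startswith("*"):
            continue                        # condition line
        elif in_recipe:                     # action line ends the recipe
            in_recipe = False
            if state["dropped"] and line != "{":
                found.append((path, n, line))
        elif (m := ASSIGN.match(line)):
            name, value = m.group(1), expand(m.group(2), env)
            env[name] = value
            if name == "DROPPRIVS" and value.lower() == "yes":
                state["dropped"] = True     # stays dropped after the include returns
            elif name == "INCLUDERC":
                found += unprivileged_actions(value, files, env, state)
            elif name == "LOGFILE" and state["dropped"]:
                found.append((path, n, line))
    return found

# Constructed sample rc files, keyed by path (nothing is read from disk).
DOMAIN_RC = "/etc/webmin/virtual-server/procmail/13607973039749"
FILES = {
    "/etc/procmailrc": "\n".join([
        "LOGFILE=/var/log/procmail.log",
        "VIRTUALMIN=13607973039749",
        "INCLUDERC=/etc/webmin/virtual-server/procmail/$VIRTUALMIN",
        ":0 c",
        "| /usr/local/bin/status-tool --log /var/log/status-tool.log",  # hypothetical tool
    ]),
    DOMAIN_RC: "\n".join(["DROPPRIVS=yes", ":0 fw", "| /usr/bin/spamassassin"]),
}
```

Calling `unprivileged_actions("/etc/procmailrc", FILES)` reports both the spam-scanning pipe in the per-domain file and the later pipe in /etc/procmailrc, since the privilege drop persists after the include returns.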
Submitted by JamieCameron on Fri, 02/15/2013 - 14:43 Comment #4
Ok, I will mark this as fixed then.
Submitted by Issues on Fri, 03/01/2013 - 14:46 Comment #5
Automatically closed -- issue fixed for 2 weeks with no activity.