Tracking down a permissions bug in attachments
Y'all,
I think I may have found a bug with the attachments code and hoped that you guys could give me some input.
When trying to save an attachment my installation of mailman provides the following error.
+----
Jan 23 07:05:52 2004 (24615) Traceback (most recent call last): File "/usr/pkg/lib/mailman/Mailman/Queue/Runner.py", line 110, in _oneloop self._onefile(msg, msgdata) File "/usr/pkg/lib/mailman/Mailman/Queue/Runner.py", line 160, in _onefile keepqueued = self._dispose(mlist, msg, msgdata) File "/usr/pkg/lib/mailman/Mailman/Queue/ArchRunner.py", line 73, in _dispose mlist.ArchiveMail(msg) File "/usr/pkg/lib/mailman/Mailman/Archiver/Archiver.py", line 208, in ArchiveMail h.processUnixMailbox(f) File "/usr/pkg/lib/mailman/Mailman/Archiver/pipermail.py", line 544, in processUnixMailbox m = mbox.next() File "/usr/pkg/lib/python2.2/mailbox.py", line 34, in next return self.factory(_Subfile(self.fp, start, stop)) File "/usr/pkg/lib/mailman/Mailman/Mailbox.py", line 89, in scrubber return mailbox.scrub(msg) File "/usr/pkg/lib/mailman/Mailman/Mailbox.py", line 109, in scrub return self._scrubber(self._mlist, msg) File "/usr/pkg/lib/mailman/Mailman/Handlers/Scrubber.py", line 219, in process url = save_attachment(mlist, part, dir, filter_html=0) File "/usr/pkg/lib/mailman/Mailman/Handlers/Scrubber.py", line 344, in save_attachment makedirs(fsdir) File "/usr/pkg/lib/mailman/Mailman/Handlers/Scrubber.py", line 336, in makedirs os.path.walk(dir, twiddle, None) File "/usr/pkg/lib/python2.2/posixpath.py", line 279, in walk func(arg, top, names) File "/usr/pkg/lib/mailman/Mailman/Handlers/Scrubber.py", line 335, in twiddle os.chmod(dirname, 02775) OSError: [Errno 1] Operation not permitted: '/var/db/mailman/archives/private/rq-rules/attachments/20040123/72aeb309'
+----------
Now, it looks to me like Mailman is trying to set permissions on the newly created directory to 02775. I'm running on NetBSD which doesn't let anyone but the superuser set the 2000 (setuid) bit. I imagine this setting (02775) was done for linux which overloads the setuid bit for as 'set group' on new files.
Does this sound like a good assessment? If so, is there a generic way to turn this sort of thing off in a config? (I searched by couldn't find anything.) Isn't this something that should be handled at build time?
Thanks for any feedback!
-Andrew
On Friday, Jan 23, 2004, at 12:27 US/Eastern, Andrew Mellinger wrote:
Now, it looks to me like Mailman is trying to set permissions on the newly created directory to 02775. I'm running on NetBSD which doesn't let anyone but the superuser set the 2000 (setuid) bit. I imagine this setting (02775) was done for linux which overloads the setuid bit for as 'set group' on new files.
man 2 chmod. 02000 is the setgid bit, where 04000 would be setuid. I can confirm that NetBSD does let non-superusers set it on files that they own (works with /bin/chmod and simple C test programs):
[EPERM] The effective user ID does not match the owner of the file and the effective user ID is not the super-user.
As you have probably observed, it's not needed for Mailman to operate correctly because new files in BSD tend to inherit group ownership from the parent directory anyway.
Does this sound like a good assessment? If so, is there a generic way to turn this sort of thing off in a config? (I searched by couldn't find anything.) Isn't this something that should be handled at build time?
Something like that. This is bug #688751, and again I can confirm that it occurs on NetBSD, so with every new release I've just commented out three lines in Scrubber.py to avoid shunting messages with attachments. I otherwise have no idea where to go with this. The function in question works when run in a small test program as a non-superuser...
--RobbyOn Sunday, Feb 8, 2004, at 16:33 US/Eastern, Robby Griffin wrote:
On Friday, Jan 23, 2004, at 12:27 US/Eastern, Andrew Mellinger wrote:
Now, it looks to me like Mailman is trying to set permissions on the newly created directory to 02775. I'm running on NetBSD which doesn't let anyone but the superuser set the 2000 (setuid) bit. I imagine this setting (02775) was done for linux which overloads the setuid bit for as 'set group' on new files.
Something like that. This is bug #688751, and again I can confirm that it occurs on NetBSD, so with every new release I've just commented out three lines in Scrubber.py to avoid shunting messages with attachments. I otherwise have no idea where to go with this. The function in question works when run in a small test program as a non-superuser...
Hmm. As best I can tell, this bug was fixed in 2.1.4 by the fix for bug #777444 ("mailmanctl doesn't setgroups when run as root"). With what version of Mailman did you encounter the problem?
--Robby
participants (2)
-
Andrew Mellinger -
Robby Griffin