Package: release.debian.org User: release.debian.org@packages.debian.org Usertags: pu Severity: normal Dear maintainer, Since you did not yet fix this bug in stable I submit the attached patch for review by the release team. If you do not send an objection I will upload it following their approval. Regards. -- Jonathan Wiltshire jmw@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
diff -u masqmail-0.2.27/debian/changelog masqmail-0.2.27/debian/changelog
--- masqmail-0.2.27/debian/changelog
+++ masqmail-0.2.27/debian/changelog
@@ -1,3 +1,11 @@
+masqmail (0.2.27-1.1+squeeze1) stable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix improper seteuid() calls in src/log.c and src/masqmail.c
+ (Closes: #638002)
+
+ -- Jonathan Wiltshire <jmw@debian.org> Sun, 04 Dec 2011 22:02:34 +0000
+
masqmail (0.2.27-1.1) unstable; urgency=low
* Non-maintainer upload.
only in patch2:
unchanged:
--- masqmail-0.2.27.orig/src/log.c
+++ masqmail-0.2.27/src/log.c
@@ -65,8 +65,9 @@
uid_t saved_uid;
gid_t saved_gid;
- saved_gid = setegid(conf.mail_gid);
- saved_uid = seteuid(conf.mail_uid);
+ if (!conf.run_as_user) {
+ set_euidgid(conf.mail_uid, conf.mail_gid, &saved_uid, &saved_gid);
+ }
filename = g_strdup_printf("%s/masqmail.log", conf.log_dir);
logfile = fopen(filename, "a");
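Review bot: The result of `set_euidgid()` is not checked before `fopen()` in this hunk, and the helper's definition is not on this page, so it is unclear whether a failed switch stops the process or is silently ignored. If the helper can return on failure, the log file would be created or opened under whatever identity happens to be in effect, so confirm that it exits on error or test its return value here. `saved_uid` and `saved_gid` also stay uninitialised when `conf.run_as_user` is set, which is safe only while the restore in the next hunk (`@@ -76,8 +77,9 @@`) stays under the same condition. Initialising them with `uid_t saved_uid = geteuid();` and `gid_t saved_gid = getegid();` would remove that coupling. The enclosing function begins and ends outside the hunk.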
@@ -76,8 +77,9 @@
}
g_free(filename);
- seteuid(saved_uid);
- setegid(saved_gid);
+ if (!conf.run_as_user) {
+ set_euidgid(saved_uid, saved_gid, NULL, NULL);
+ }
}
#ifdef ENABLE_DEBUG
@@ -114,35 +116,26 @@
va_copy(args_copy, args);
vfprintf(stdout, fmt, args_copy);
va_end(args_copy);
- fflush(stdout); /* is this necessary? */
+ fflush(stdout); /* in case output ends not with newline */
}
pri &= ~LOG_VERBOSE;
- if (pri) {
- if (conf.use_syslog)
- vsyslog(pri, fmt, args);
- else {
- if (pri <= conf.log_max_pri) {
- FILE *file = logfile ? logfile : stderr;
- time_t now = time(NULL);
- struct tm *t = localtime(&now);
- gchar buf[24];
- uid_t saved_uid;
- gid_t saved_gid;
-
- saved_gid = setegid(conf.mail_gid);
- saved_uid = seteuid(conf.mail_uid);
-
- strftime(buf, 24, "%Y-%m-%d %H:%M:%S", t);
- fprintf(file, "%s [%d] ", buf, getpid());
-
- vfprintf(file, fmt, args);
- fflush(file);
-
- seteuid(saved_uid);
- setegid(saved_gid);
- }
- }
+ if (!pri) {
+ return;
+ }
+ if (conf.use_syslog)
+ vsyslog(pri, fmt, args);
+ else if (pri <= conf.log_max_pri) {
+ FILE *file = logfile ? logfile : stderr;
+ time_t now = time(NULL);
+ struct tm *t = localtime(&now);
+ gchar buf[24];
+
+ strftime(buf, 24, "%Y-%m-%d %H:%M:%S", t);
+ fprintf(file, "%s [%d] ", buf, getpid());
+
+ vfprintf(file, fmt, args);
+ fflush(file);
}
}
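Review bot: `localtime(&now)` can return NULL, and the new `else if` branch passes its result straight to `strftime()`, which would then dereference a null pointer. A guard such as `if (t) strftime(buf, sizeof buf, "%Y-%m-%d %H:%M:%S", t); else buf[0] = '\0';` covers that case and replaces the repeated literal 24 with `sizeof buf`. The branch also no longer switches to the mail uid/gid around each write, so it relies on the stream opened earlier remaining usable. A comment like `/* no euid switch here: relies on logfile having been opened under the mail identity */` would record that assumption. The function starts outside the hunk.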
only in patch2:
unchanged:
--- masqmail-0.2.27.orig/src/masqmail.c
+++ masqmail-0.2.27/src/masqmail.c
@@ -62,8 +62,10 @@
sigterm_in_progress = 1;
if (pidfile) {
- uid_t uid;
- uid = seteuid(0);
+ uid_t uid = geteuid();
+ if (seteuid(0) != 0) {
+ logwrite(LOG_ALERT, "sigterm_handler: could not set euid to %d: %s\n", 0, strerror(errno));
+ }
if (unlink(pidfile) != 0)
logwrite(LOG_WARNING, "could not delete pid file %s: %s\n", pidfile, strerror(errno));
seteuid(uid); /* we exit anyway after this, just to be sure */
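Review bot: The added `logwrite()` call appears to run in signal-handler context, since the message text names `sigterm_handler`. Per the log.c hunk on this page, logwrite() reaches `vsyslog`, `localtime`, `fprintf` and `fflush`, none of which are async-signal-safe, so a signal arriving during another log write could deadlock or corrupt stdio state. At minimum the risk should be recorded next to the call, e.g. `/* FIXME: logwrite() is not async-signal-safe; move pidfile removal and logging out of the handler */`. The longer-term fix is to have the handler only set `sigterm_in_progress` and do the unlink from normal context. The handler's body starts and ends outside the hunk.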
@@ -236,8 +238,7 @@
conf.do_verbose = FALSE;
if (!conf.run_as_user) {
- seteuid(conf.orig_uid);
- setegid(conf.orig_gid);
+ set_euidgid(conf.orig_uid, conf.orig_gid, NULL, NULL);
}
DEBUG(5) debugf("accepting smtp message on stdin\n");
@@ -265,8 +266,7 @@
}
if (!conf.run_as_user) {
- seteuid(conf.orig_uid);
- setegid(conf.orig_gid);
+ set_euidgid(conf.orig_uid, conf.orig_gid, NULL, NULL);
}
DEBUG(5) debugf("accepting message on stdin\n");
@@ -635,10 +635,15 @@
if (strcmp(conf_file, CONF_FILE) != 0) {
if (conf.orig_uid != 0) {
conf.run_as_user = TRUE;
- seteuid(conf.orig_uid);
- setegid(conf.orig_gid);
- setuid(conf.orig_uid);
- setgid(conf.orig_gid);
+ set_euidgid(conf.orig_uid, conf.orig_gid, NULL, NULL);
+ if (setgid(conf.orig_gid)) {
+ logwrite(LOG_ALERT, "could not set gid to %d: %s\n", conf.orig_gid, strerror(errno));
+ exit(1);
+ }
+ if (setuid(conf.orig_uid)) {
+ logwrite(LOG_ALERT, "could not set uid to %d: %s\n", conf.orig_uid, strerror(errno));
+ exit(1);
+ }
}
}
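Review bot: The permanent drop here is likely ineffective if the binary is installed set-user-ID root, because `setgid()` and `setuid()` are called after `set_euidgid(conf.orig_uid, conf.orig_gid, NULL, NULL)` has already lowered the effective ids. This assumes the helper, which is not shown on this page, leaves the effective uid at `conf.orig_uid`. If so, both calls run unprivileged and change only the effective ids, leaving the saved set-user-ID and set-group-ID intact, so a later `seteuid(0)` could still succeed. Calling `setgid(conf.orig_gid)` and then `setuid(conf.orig_uid)` while the effective uid is still 0, without the preceding `set_euidgid()` line, clears the real, effective and saved ids together. A check after the drop, `if (seteuid(0) == 0) { logwrite(LOG_ALERT, "privileges not dropped\n"); exit(1); }`, would catch a regression. The enclosing function starts outside the hunk.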