242223 – mail/dovecot: incompatible with security.bsd.hardlink_check_{g,u}id

Bug 242223 - mail/dovecot: incompatible with security.bsd.hardlink_check_{g,u}id

Summary: mail/dovecot: incompatible with security.bsd.hardlink_check_{g,u}id

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Larry Rosenman

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-11-25 13:56 UTC by Tassilo Philipp
Modified:	2021-11-14 14:56 UTC (History)
CC List:	2 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (ler)

Attachments
pkg-message.in patch (suggestion) (612 bytes, patch) 2019-11-25 22:35 UTC, Tassilo Philipp	no flags	Details \| Diff
more correct wording (641 bytes, patch) 2019-11-25 22:41 UTC, Tassilo Philipp	no flags	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tassilo Philipp 2019-11-25 13:56:17 UTC

Hello,

similar to PR 218392, the port is incompatible with security.bsd.hardlink_check_gid and security.bsd.hardlink_check_uid sysctl flags set to 1, usually done for hardening.

As with the mentioned PR, those flags also affect dovecot's use of lock files. However, I *think* it's less dangerous, though, b/c it simply cannot write a lock file anymore (which are hardlinks in this case) and just gives up on whatever it planned to do.

Long story short, I think it's worth adding a warning to pkg-message for this, as well.

Thanks!

Comment 1 dewayne 2019-11-25 21:53:02 UTC

I've been running dovecot in a jail and the host has
security.bsd.hardlink_check_gid=1
security.bsd.hardlink_check_uid=1
for a few years.  However this is within a virtual mail account.  How would I test for this problem?  Unfortunately no-one has left for 3+ years which is probably the time-frame of this sysctl being enabled.

Comment 2 dewayne 2019-11-25 22:01:12 UTC

(In reply to dewayne from comment #1)
Please disregard my previous comment.  I've reviewed 218392.  I also have
security.bsd.see_other_gids=0
security.bsd.see_other_uids=0
So it seems that using a virtual account is the workaround to these problem.  :)

Comment 3 Tassilo Philipp 2019-11-25 22:06:24 UTC

Interesting, good point. In my case it's system users, which makes a difference, as it'll try to create the lock files owned by those real users. So virtual mail accounts look indeed like a potential workaround.

Comment 4 Larry Rosenman freebsd_committer

2019-11-25 22:10:01 UTC

If someone wants to give ma a decent patch to the pkg-message, I can make that happen.  I understand the concern, but writing it decently is not in my wheelhouse.

Comment 5 Tassilo Philipp 2019-11-25 22:35:25 UTC

Created attachment 209428 [details]
pkg-message.in patch (suggestion)

Sure, suggestion attached.

Comment 6 Tassilo Philipp 2019-11-25 22:41:16 UTC

Created attachment 209429 [details]
more correct wording

Of course I failed on first attempts... sorry.
Better version attached, not sure what was happening in my brain to not write a full sentence before creating the patch.  :-/

Comment 7 Larry Rosenman freebsd_committer

2019-11-26 01:53:10 UTC

Committed, thanks!

Comment 8 commit-hook freebsd_committer

2019-11-26 01:53:14 UTC

A commit references this bug:

Author: ler
Date: Tue Nov 26 01:52:58 UTC 2019
New revision: 518440
URL: https://svnweb.freebsd.org/changeset/ports/518440

Log:
  mail/dovecot: include mention of security.bsd.hardlink_check_{g,u}id in pkg-message.

  PR:		242223
  Submitted by:	tphilipp@potion-studios.com

Changes:
  head/mail/dovecot/Makefile
  head/mail/dovecot/files/pkg-message.in