Bug 132575 - security/amavisd-new pidfile not respected
Summary: security/amavisd-new pidfile not respected
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Gabor Kovesdan
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-03-12 11:40 UTC by Helmut Schneider
Modified: 2009-04-05 18:50 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Helmut Schneider 2009-03-12 11:40:04 UTC 
As amavisd is most often chrooted to /var/amavis the process should not have write permissions to that directory for security reasons. A good place for the pid file would be e.g. /var/amavis/var/run
If a user sets a custom path for the pid file the rc script does not respect that as /var/amavis/amavisd.pid is "hardcoded".

Fix: 

. /etc/rc.subr
@@ -20,7 +22,6 @@
 rcvar=`set_rcvar`

 command=/usr/local/sbin/amavisd > /dev/null 2>&1
-pidfile=/var/amavis/amavisd.pid
 required_files=/usr/local/etc/amavisd.conf
 extra_commands="reload"

@@ -59,6 +60,7 @@
 # set defaults

 amavisd_enable=${amavisd_enable:-"NO"}
+amavisd_pidfile=${amavisd_pidfile:-"/var/amavis/amavisd.pid"}

 load_rc_config $name
 run_rc_command "$1"--9cGY082VsFMBF7znWQx2ygurQLxnOen1SGsUImwfBaF7BbkU
Content-Type: text/plain; name="file.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="file.diff"

--- /usr/local/etc/rc.d/amavisd.bak     2009-03-12 12:21:42.000000000 +0100
+++ /usr/local/etc/rc.d/amavisd 2009-03-12 12:24:59.000000000 +0100
@@ -12,6 +12,8 @@
 # Add the following lines to /etc/rc.conf to enable amavisd:
 #
 #amavisd_enable="YES"
+#amavisd_pidfile="$PATH_TO_PIDFILE"
 #
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2009-03-16 07:20:03 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->gabor

Fix synopsis and assign.
Comment 2 dfilter service freebsd_committer freebsd_triage 2009-04-05 18:49:33 UTC 
gabor       2009-04-05 17:49:19 UTC

  FreeBSD ports repository

  Modified files:
    security/amavisd-new Makefile 
    security/amavisd-new/files amavisd.sh.in patch-amavisd 
                               pkg-message.in 
  Log:
  - Do not hardcode pidfile in the rc.d script [1]
  - Depend on p5-Mail-DKIM >= 0.33 [2]
  - Patch clamscan timeout bug [2]
  - REQUIRE: mysql postgresql in rc.d script [2]
  - Bump PORTREVISION
  - pkg-message nits
  
  PR:             ports/132575 [1], ports/133073 [2]
  Submitted by:   Helmut Schneider <jumper99@gmx.de> [1],
                  Michael Scheidell <scheidell@secnap.net> [2]
  
  Revision  Changes    Path
  1.69      +2 -2      ports/security/amavisd-new/Makefile
  1.8       +3 -3      ports/security/amavisd-new/files/amavisd.sh.in
  1.19      +6 -0      ports/security/amavisd-new/files/patch-amavisd
  1.8       +5 -1      ports/security/amavisd-new/files/pkg-message.in
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 Gabor Kovesdan freebsd_committer freebsd_triage 2009-04-05 18:49:38 UTC 
State Changed
From-To: open->closed

Committed, thanks!