Bug 151783 - mail/fetchmail: rc.d script broken in case of MDA use
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: freebsd-ports-bugs (Nobody)
Reported: 2010-10-27 18:40 UTC by Victor Balada Diaz
Modified: 2011-08-15 21:20 UTC (History)

Description Victor Balada Diaz 2010-10-27 18:40:10 UTC
If you're using --mda parameter this is the documented behaviour of fetchmail: (from man page)


              If fetchmail is running as root,  it  sets  its  user  id  while
              delivering  mail  through  an MDA as follows:  First, the FETCH-
              MAILUSER, LOGNAME, and USER environment variables are checked in
              this  order.  The value of the first variable from his list that
              is defined (even if it is empty!) is looked  up  in  the  system
              user  database.  If  none of the variables is defined, fetchmail
              will use the real user id it was started with.  If  one  of  the
              variables  was  defined,  but the user stated there isn't found,
              fetchmail continues running as root, without checking  remaining
              variables  on the list.  Practically, this means that if you run
              fetchmail as root (not recommended), it is most useful to define
              the  FETCHMAILUSER environment variable to set the user that the
              MDA should run as. Some MDAs (such as maildrop) are designed  to
              be  setuid  root  and  setuid to the recipient's user id, so you
              don't lose functionality this way even when running fetchmail as
              unprivileged user.  Check the MDA's manual for details.

So if you log in via ssh, become root, and start fetchmail with a global config that needs an MDA, it will try to use the MDA of your LOGNAME or USER and will give an error:

Oct 27 19:15:38 oro fetchmail[89429]: Cannot switch effective user id to 1001: Operation not permitted

Fix:

Define FETCHMAILUSER=$fetchmail_user (by default, fetchmail) in the shell script before starting fetchmail in daemon mode.

How-To-Repeat:
1) Create a standard configuration that uses another program as MDA and make sure that the MDA program doesn't have setuid or setgid permissions.
2) Log in as your current user.
3) Use su to become root.
4) Start the fetchmail daemon: /usr/local/etc/rc.d/fetchmail start
5) Look at the logs; you'll see it's unable to deliver anything.
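
The variable selection quoted from the man page, modelled as an added shell example (not fetchmail's or the port's own code), showing why a stale LOGNAME/USER left over from su picks the wrong account and what exporting FETCHMAILUSER changes. The USERDB table, its uids and the function names lookup_uid and mda_uid are constructed for illustration.

```sh
#!/bin/sh
# Added example: models the documented lookup order only; not fetchmail source.
# Constructed user database (name:uid), standing in for the system user database.
USERDB="root:0
fetchmail:124
victor:1001"

# lookup_uid NAME: print the uid of NAME, return 1 if NAME is not in USERDB.
lookup_uid() {
    printf '%s\n' "$USERDB" |
        awk -F: -v n="$1" '$1 == n { print $2; f = 1 } END { exit !f }'
}

# mda_uid REAL_UID: print the uid the MDA would run as under the documented rules.
mda_uid() {
    real_uid=$1
    for name in FETCHMAILUSER LOGNAME USER; do
        eval "defined=\${$name+yes}"        # "yes" if set, even when empty
        if [ "$defined" = yes ]; then
            eval "value=\$$name"
            # The first defined variable decides. If its user is unknown,
            # the remaining variables are NOT consulted and the uid stays as is.
            lookup_uid "$value" || echo "$real_uid"
            return 0
        fi
    done
    echo "$real_uid"                        # none defined: keep the real uid
}

# Scenario from the report: admin "victor" ran su, so LOGNAME/USER still name him.
before=$(unset FETCHMAILUSER; LOGNAME=victor USER=victor; mda_uid 0)

# With the suggested fix the rc script sets FETCHMAILUSER=$fetchmail_user first.
fetchmail_user=fetchmail
after=$(FETCHMAILUSER=$fetchmail_user; LOGNAME=victor USER=victor; mda_uid 0)

echo "without FETCHMAILUSER: MDA uid $before; with FETCHMAILUSER: MDA uid $after"
```
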
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2010-10-27 18:40:23 UTC
Maintainer of mail/fetchmail,

Please note that PR ports/151783 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/151783

-- 
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 2 Edwin Groothuis freebsd_committer freebsd_triage 2010-10-27 18:40:25 UTC
State Changed
From-To: open->feedback

Awaiting maintainer's feedback (via the GNATS Auto Assign Tool)
Comment 3 Tilman Keskinoz freebsd_committer freebsd_triage 2011-08-01 19:37:38 UTC
State Changed
From-To: feedback->open

Maintainer timeout
Comment 4 Matthias Andree freebsd_committer freebsd_triage 2011-08-14 16:20:46 UTC
State Changed
From-To: open->feedback

pointed maintainer to this PR again
Comment 5 dfilter service freebsd_committer freebsd_triage 2011-08-15 21:13:35 UTC
mandree     2011-08-15 20:13:22 UTC

  FreeBSD ports repository

  Modified files:
    mail/fetchmail       Makefile 
    mail/fetchmail/files fetchmail.in 
  Log:
  Assorted minor fixes and touch-ups:
  
  - Fix:     rcfile: export FETCHMAILUSER=$fetchmail_user [1]
  
  - Fix:     when installing from source, make /var/run/fetchmail directory
             so that a global fetchmail installation won't break after port
             upgrades
  
  - Change:  compile GSSAPI support by default (it's in base)
  
  - Cleanup: rcfile: drop support for fetchmail.sh script name
  
  - Cleanup: rcfile: don't mix backtick with apostrophe in comments, they don't
             match
  
  Reported by:  thierry, Victor Balada Diaz <victor@bsdes.net> [1]
  Suggested by: Victor Balada Diaz <victor@bsdes.net> [1]
  PR:           ports/151783
  Approved by:  maintainer timeout [1]
  
  Revision  Changes    Path
  1.217     +8 -3      ports/mail/fetchmail/Makefile
  1.10      +17 -20    ports/mail/fetchmail/files/fetchmail.in
Comment 6 Matthias Andree freebsd_committer freebsd_triage 2011-08-15 21:13:57 UTC
State Changed
From-To: feedback->closed

Committed. Thanks!
Comment 7 Matthias Andree freebsd_committer freebsd_triage 2011-08-15 21:15:11 UTC
Maintainer replied that he is unable to respond before Aug 25.

Committed over his head with assorted other fixes found during testing.