Bug 242223 - mail/dovecot: incompatible with security.bsd.hardlink_check_{g,u}id
Summary: mail/dovecot: incompatible with security.bsd.hardlink_check_{g,u}id
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Larry Rosenman
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-11-25 13:56 UTC by Tassilo Philipp
Modified: 2019-11-26 01:53 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (ler)


Attachments
pkg-message.in patch (suggestion) (612 bytes, patch)
2019-11-25 22:35 UTC, Tassilo Philipp
no flags Details | Diff
more correct wording (641 bytes, patch)
2019-11-25 22:41 UTC, Tassilo Philipp
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Tassilo Philipp 2019-11-25 13:56:17 UTC
Hello,

similar to PR 218392, the port is incompatible with security.bsd.hardlink_check_gid and security.bsd.hardlink_check_uid sysctl flags set to 1, usually done for hardening.

As with the mentioned PR, those flags also affect dovecot's use of lock files. However, I *think* it's less dangerous, though, b/c it simply cannot write a lock file anymore (which are hardlinks in this case) and just gives up on whatever it planned to do.

Long story short, I think it's worth adding a warning to pkg-message for this, as well.

Thanks!
Comment 1 dewayne 2019-11-25 21:53:02 UTC
I've been running dovecot in a jail and the host has
security.bsd.hardlink_check_gid=1
security.bsd.hardlink_check_uid=1
for a few years.  However this is within a virtual mail account.  How would I test for this problem?  Unfortunately no-one has left for 3+ years which is probably the time-frame of this sysctl being enabled.
Comment 2 dewayne 2019-11-25 22:01:12 UTC
(In reply to dewayne from comment #1)
Please disregard my previous comment.  I've reviewed 218392.  I also have
security.bsd.see_other_gids=0
security.bsd.see_other_uids=0
So it seems that using a virtual account is the workaround to these problem.  :)
Comment 3 Tassilo Philipp 2019-11-25 22:06:24 UTC
Interesting, good point. In my case it's system users, which makes a difference, as it'll try to create the lock files owned by those real users. So virtual mail accounts look indeed like a potential workaround.
Comment 4 Larry Rosenman freebsd_committer 2019-11-25 22:10:01 UTC
If someone wants to give ma a decent patch to the pkg-message, I can make that happen.  I understand the concern, but writing it decently is not in my wheelhouse.
Comment 5 Tassilo Philipp 2019-11-25 22:35:25 UTC
Created attachment 209428 [details]
pkg-message.in patch (suggestion)

Sure, suggestion attached.
Comment 6 Tassilo Philipp 2019-11-25 22:41:16 UTC
Created attachment 209429 [details]
more correct wording

Of course I failed on first attempts... sorry.
Better version attached, not sure what was happening in my brain to not write a full sentence before creating the patch.  :-/
Comment 7 Larry Rosenman freebsd_committer 2019-11-26 01:53:10 UTC
Committed, thanks!
Comment 8 commit-hook freebsd_committer 2019-11-26 01:53:14 UTC
A commit references this bug:

Author: ler
Date: Tue Nov 26 01:52:58 UTC 2019
New revision: 518440
URL: https://svnweb.freebsd.org/changeset/ports/518440

Log:
  mail/dovecot: include mention of security.bsd.hardlink_check_{g,u}id in pkg-message.

  PR:		242223
  Submitted by:	tphilipp@potion-studios.com

Changes:
  head/mail/dovecot/Makefile
  head/mail/dovecot/files/pkg-message.in