Bug #13450 for Net-Server: 0.88 crashes amavisd-new when using perl 5.8.0

Tue Jun 28 11:31:25 2005 Guest - Ticket created

Subject:

0.88 crashes amavisd-new when using perl 5.8.0

Net::Server 0.88. On Red Hat 9.0 and RHEL3, with perl 5.8.0 installed, when attempting to start amavisd-new, Net::Server produces an error, then closes: Output from 'amavisd debug': Net::Server: 2005/06/28-09:24:58 Amavis (type Net::Server::PreForkSimple) starting! pid(2780) Net::Server: Binding to UNIX socket file /var/amavis/amavisd.sock using SOCK_STREAM Net::Server: Binding to TCP port 10024 on host 127.0.0.1 Net::Server: Setting gid to "999 999" Net::Server: 2005/06/28-09:24:58 Couldn't become gid "999": \n\n at line 486 in file /usr/lib/perl5/site_perl/5.8.0/Net/Server.pm Net::Server: 2005/06/28-09:24:58 Server closing! This behavior appears to be new with version 0.88.

Thu Jun 30 12:09:14 2005 Guest - Correspondence added

From:

JussiT

[guest - Tue Jun 28 11:31:25 2005]: Show quoted text

> Net::Server 0.88. On Red Hat 9.0 and RHEL3, with perl 5.8.0 installed, > when attempting to start amavisd-new, Net::Server produces an > error, then closes:

Found the same with Red Hat Enterprise Linux 3 ES and perl-5.8.0. But the same amavisd-new 2.3.2 works pretty well with Fedora Core 4 running perl-5.8.6-15. It may be a perl-5.8.0 vs. Net::Server 0.88 compatibility problem.

Thu Jul 14 13:51:11 2005 paul [...] seamons.com - Correspondence added

I'm thinking it may be in how the groups are returned on RedHat. The code to blame is: sub set_gid { my $gids = get_gid( @_ ); my $gid = (split /\s+/, $gids)[0]; eval { $) = $gids }; # store all the gids - this is really sort of optional POSIX::setgid($gid); my $_gid = (split /\s+/, $()[0]; if ($_gid != $gid) { die "Couldn't become gid \"$gid\": $!\n"; } return 1; } I'd be interested in looking at what $( returns before and after the call to POSIX::setgid (if you could debug that it would be very helpful). I am imagining that maybe the group you set is being returned successfully but not in the first position (the $( string will be a space separated list of groups). If this is the case, then we should be able to change the line to: if (! grep {$gid == $_} split /\s+/, $() { Can you try modifying a local copy and seeing if this takes care of the issue? Paul Seamons

Fri Jul 15 12:18:36 2005 Guest - Correspondence added

From:

lists [...] johnmecham.com

Red Hat 9.0 Perl 5.8.0, Daemonize.pm [root@sf1 root]# grep amavis /etc/passwd amavis:x:999:999:amavisd-new daemon:/var/amavis:/sbin/nologin [root@sf1 root]# grep amavis /etc/group amavis:x:999:clamav ****************** print $(; print "\n"; POSIX::setgid($gid); print $(; print "\n"; results in: Jul 14 12:38:07 sf1.example.com amavisd[1825]: Net::Server: Setting gid to "999 999" 0 999 999 0 999 999 Jul 14 12:38:07 sf1.example.com amavisd[1825]: Net::Server: 2005/07/14- 12:38:07 Couldn't become gid "999": \n\n at line 486 in file /usr/lib/perl5/site_perl/5.8.0/Net/Server.pm ****************** I'm hoping I replaced the correct line here ... my $_gid = (split /\s+/, $()[0]; # if ($_gid != $gid) { # original line if (! grep {$gid == $_} split /\s+/, $() { die "Couldn't become gid \"$gid\": $!\n"; } now instead of gid, couldn't become uid: Jul 14 12:37:02 sf1.example.com amavisd[1824]: Net::Server: Setting gid to "999 999" Jul 14 12:37:02 sf1.example.com amavisd[1824]: Net::Server: Setting uid to "999" Jul 14 12:37:03 sf1.example.com amavisd[1824]: Net::Server: 2005/07/14- 12:37:02 Couldn't become uid "999": \n\n at line 486 in file /usr/lib/perl5/site_perl/5.8.0/Net/Server.pm ************************************* Just for comparison: On my Debian Sarge machine (Perl 5.8.6) (where there is no problem): sfm:~# grep amavis /etc/passwd amavis:x:103:104:AMaViS system user,,,:/var/lib/amavis:/bin/sh sfm:~# grep amavis /etc/group amavis:x:104:clamav ***************** print "$("; print "\n"; POSIX::setgid($gid); print "$("; print "\n"; results in: Jul 14 13:00:23 sfm amavisd-new[2250]: Net::Server: Setting gid to "104 104" 0 104 104 104 104 104 Jul 14 13:00:23 sfm amavisd-new[2250]: Net::Server: Setting uid to "103" ****************** A FreeBSD system running Perl 5.8.7 shows: 0 110 110 110 110 110

Wed Jul 20 18:27:04 2005 Guest - Correspondence added

From:

lists [...] johnmecham.com

[RHANDOM - Thu Jul 14 13:51:11 2005]: Show quoted text

> I'm thinking it may be in how the groups are returned on RedHat. The > code to blame is: > > sub set_gid { > my $gids = get_gid( @_ ); > my $gid = (split /\s+/, $gids)[0]; > eval { $) = $gids }; # store all the gids - this is really sort of > optional > > POSIX::setgid($gid); > my $_gid = (split /\s+/, $()[0]; > if ($_gid != $gid) { > die "Couldn't become gid \"$gid\": $!\n"; > } > > return 1; > } > > I'd be interested in looking at what $( returns before and after the > call to POSIX::setgid (if you could debug that it would be very > helpful). I am imagining that maybe the group you set is being > returned successfully but not in the first position (the $( string > will be a space separated list of groups). If this is the case, then > we should be able to change the line to: > > if (! grep {$gid == $_} split /\s+/, $() { > > Can you try modifying a local copy and seeing if this takes care of > the issue? > > Paul Seamons

From what you have provided here, and what I grabbed from a patch by Mark Martinec, I created a patch that appears to work. I am not a programmer, so you be the judge: --- Daemonize.pm 2005-06-20 13:41:15.000000000 -0600 +++ Daemonize.pm-patched 2005-07-20 16:12:10.000000000 -0600 @@ -199,11 +199,8 @@ ### change the process to run as this uid sub set_uid { my $uid = get_uid( shift() ); - - POSIX::setuid($uid); - if ($< != $uid) { - die "Couldn't become uid \"$uid\": $!\n"; - } + POSIX::setuid( $uid ) or die "Couldn't POSIX::setuid to \"$uid\" [$!] \n"; + $> = $uid; $< = $uid; # just in case return 1; } @@ -217,7 +214,7 @@ POSIX::setgid($gid); my $_gid = (split /\s+/, $()[0]; - if ($_gid != $gid) { + if (! grep {$gid == $_} split /\s+/, $() { die "Couldn't become gid \"$gid\": $!\n"; }

--- Daemonize.pm 2005-06-20 13:41:15.000000000 -0600 +++ Daemonize.pm-patched 2005-07-20 16:12:10.000000000 -0600 @@ -199,11 +199,8 @@ ### change the process to run as this uid sub set_uid { my $uid = get_uid( shift() ); - - POSIX::setuid($uid); - if ($< != $uid) { - die "Couldn't become uid \"$uid\": $!\n"; - } + POSIX::setuid( $uid ) or die "Couldn't POSIX::setuid to \"$uid\" [$!]\n"; + $> = $uid; $< = $uid; # just in case return 1; } @@ -217,7 +214,7 @@ POSIX::setgid($gid); my $_gid = (split /\s+/, $()[0]; - if ($_gid != $gid) { + if (! grep {$gid == $_} split /\s+/, $() { die "Couldn't become gid \"$gid\": $!\n"; }

Wed Jul 20 18:33:08 2005 Guest - Correspondence added

From:

lists [...] johnmecham.com

That may have wrapped, so here is a URL to the this patch if you would like: http://www200.pair.com/mecham/spam/p7.txt

Thu Jul 21 10:43:56 2005 paul [...] seamons.com - Correspondence added

Unfortunately that will break on BSD. The POSIX::setuid call returns different things on different platforms (and has possibly changed between version). The old version (<=.87) did the checks the way you patch provides and breaks on most BSD systems. Also - it appears that the order that $< and $> should be set varies from platform to platform. Most people that I have heard back from have said that the set_uid portion of the 0.88 version is working for them. So the question is - why wouldn't the check for $< == $uid work on your system. If it is not working then it seems that something dangerous is going on and the server won't be running as the user you think it will. Could you debug a little more and figure out if we are getting the right value for $uid via the get_uid($username or $uid) call and then debug the value of $< and $> after a POSIX::setuid($uid) call (from root). perl -e 'use POSIX; print "($<)($>)\n"; POSIX::setuid(500); print "($<)($>)\n"' (0)(0) (500)(500) On the other side, I'm glad that at least the set_gid portion is working.

Thu Jul 21 11:06:17 2005 Guest - Correspondence added

From:

lists [...] johnmecham.com

[RHANDOM - Thu Jul 21 10:43:56 2005]: Show quoted text

> Unfortunately that will break on BSD. > On the other side, I'm glad that at least the set_gid portion is > working.

Red Hat 9.0 Perl 5.8.0 # perl -e 'use POSIX; print "($<)($>)\n"; POSIX::setuid(500); print "($<)($>)\n"' (0)(0) (0)(0) POSIX::setuid($uid); + print "($<)($>)\n"; - if ($_gid != $gid) { + if (! grep {$gid == $_} split /\s+/, $() { Jul 21 09:01:31 sf1.example.com amavisd[3375]: Net::Server: Setting gid to "999 999" Jul 21 09:01:31 sf1.example.com amavisd[3375]: Net::Server: Setting uid to "999" (0)(0) Jul 21 09:01:31 sf1.example.com amavisd[3375]: Net::Server: 2005/07/21- 09:01:31 Couldn't become uid "999": \n\n at line 486 in file /usr/lib/perl5/site_perl/5.8.0/Net/Server.pm

Thu Jul 21 11:12:29 2005 paul [...] seamons.com - Correspondence added

Show quoted text

> Red Hat 9.0 Perl 5.8.0 > > # perl -e 'use POSIX; print "($<)($>)\n"; POSIX::setuid(500); > print "($<)($>)\n"' > (0)(0) > (0)(0)

Sorry - to be more specific... The uid 500 exists on my system. Please use one of the userids from your /etc/passwd file (if 500 doesn't exist - then pick one that does).

Thu Jul 21 11:48:44 2005 Guest - Correspondence added

Show quoted text

> Please use one of the userids from > your /etc/passwd file (if 500 doesn't exist - then pick one that > does).

Red Hat 9.0 Perl 5.8.0: grep '999' /etc/passwd amavis:x:999:999:amavisd-new daemon:/var/amavis:/sbin/nologin perl -e 'use POSIX; print "($<)($>)\n"; POSIX::setuid(999); \ print "($<)($>)\n"' (0)(0) (0)(0) So on this 5.8.0 system, it does not matter whether the user exists or not, it always returns (0)(0). On my Debian Sarge Perl 5.8.6 machine, it does not matter whether the user exists or not either, it will return whatever you set POSIX::setuid() to: grep 999 /etc/passwd (nothing returned) perl -e 'use POSIX; print "($<)($>)\n"; POSIX::setuid(999); \ print "($<)($>)\n"' (0)(0) (999)(999) grep 103 /etc/passwd amavis:x:103:104:AMaViS system user,,,:/var/lib/amavis:/bin/sh perl -e 'use POSIX; print "($<)($>)\n"; POSIX::setuid(999); \ print "($<)($>)\n"' (0)(0) (103)(103) My FreeBSD systems acts identically to my Debian system. I am not a Perl programmer, so yes, specific is a good thing.

Thu Jul 21 13:26:03 2005 paul [...] seamons.com - Correspondence added

OK here is some more to try - it asks the system what it thinks it is after trying to set $< and $> two different ways - change 500 to 999 for your case. perl -MPOSIX -e'$u=500;if(!fork){POSIX::setuid($u);print"1 ($<-$>)\n"}elsif(!fork){$<=$>=$u;print"2($<-$>)\n"}else{sleep 1; print `ps --ppid=$$ -o euid,ruid`}sleep 2' 1(500-500) 2(500-500) EUID RUID 500 500 500 500 0 0

Thu Jul 21 14:26:37 2005 Guest - Correspondence added

From:

lists [...] johnmecham.com

On the Red Hat machine: 1 (0-0) 2(999-999) ps: error: Unknown gnu long option. usage: ps -[Unix98 options] ps [BSD-style options] ps --[GNU-style long options] ps --help for a command summary (and with a user that does not exist:) 1 (0-0) 2(110-110) ps: error: Unknown gnu long option. usage: ps -[Unix98 options] ps [BSD-style options] ps --[GNU-style long options] ps --help for a command summary Sorry Paul, the argument given to ps is not supported. On my Debian Machine: 1 (103-103) 2(103-103) EUID RUID 103 103 103 103 0 0 (similar result when the user does not exist) 1 (999-999) 2(999-999) EUID RUID 999 999 999 999 0 0 On my FreeBSD machine: fork: Event not found.

Tue Jul 26 18:09:25 2005 Guest - Correspondence added

From:

lists [...] johnmecham.com

FYI: Looks like more of a Perl 5.8.0 bug than a RedHat bug. Whether it only affects Linux boxes is not known to me. Here is a post from someone who is running SuSE 8.1: Show quoted text

> I've been running amavisd successfully for a couple of years on an > ageing SuSE 8.1 server with no problems until now.

Show quoted text

> Here is the output when I start amavisd (as root) with the debug flag. >

======================================================================= Show quoted text

> Jul 8 14:38:30 aeryn.home ./amavisd[5308]: starting. ./amavisd at

aeryn.home \ Show quoted text

> amavisd-new-2.3.2 (20050629), Unicode aware, LANG= en_GB > Jul 8 14:38:30 aeryn.home ./amavisd[5308]: user=, EUID: 0 (0);

group=, EGID: 0 0 \ Show quoted text

> (0 0) > Jul 8 14:38:30 aeryn.home ./amavisd[5308]: Perl

version 5.008 This user downgraded to 0.87 to work around the problem.

Tue Aug 02 04:44:39 2005 Guest - Correspondence added

From:

JussiT

[guest - Thu Jul 21 11:48:44 2005]: Show quoted text

> Red Hat 9.0 Perl 5.8.0: > > grep '999' /etc/passwd > amavis:x:999:999:amavisd-new daemon:/var/amavis:/sbin/nologin > > perl -e 'use POSIX; print "($<)($>)\n"; POSIX::setuid(999); \ > print "($<)($>)\n"' > (0)(0) > (0)(0)

Test #1: RHEL (Red Hat Enterprise Linux) 3 ES and perl-5.8.0-89.10. Logged in as root (uid)0) # grep amavis /etc/passwd amavis:x:503:503:amavisd-new:/var/amavis:/bin/bash # perl -e 'use POSIX; print "($<)($>)\n"; POSIX::setuid(503); \ Show quoted text

> print "($<)($>)\n"'

(0)(0) (0)(0) Logged in as amavis (uid=503): $ grep amavis /etc/passwd amavis:x:503:503:amavisd-new:/var/amavis:/bin/bash $ perl -e 'use POSIX; print "($<)($>)\n"; POSIX::setuid(503); \ Show quoted text

> print "($<)($>)\n"'

(503)(503) (503)(503) That amavisd-new-2.3.2 system hates Net::Server-0.88, but works fine with Net::Server-0.87. Test #2: Fedora Core 4 and perl-5.8.6-15. Logged in as root (uid=0): # grep amavis /etc/passwd amavis:x:506:506:AMaViS email virus scanner user:/home/amavis:/bin/sh # perl -e 'use POSIX; print "($<)($>)\n"; POSIX::setuid(506); \ print "($<)($>)\n"' (0)(0) (506)(506) Logged in as amavis (uid=506): $ perl -e 'use POSIX; print "($<)($>)\n"; POSIX::setuid(506); \ Show quoted text

> print "($<)($>)\n"'

(506)(506) (506)(506) This one has amavisd-new-2.3.2 and Net::Server-0.88 and they work fine. So, it looks like that problematic RHEL3ES + perl-5.8.0 returns wrong uid and gid values, when querying as a root. This is problem, when running amavisd-new-2.3.2 with Net::Server-0.88.

Thu Nov 17 10:18:04 2005 Guest - Correspondence added

From:

JussiT

So, RHEL 3 has broken perl-5.8.0. See RH Bugzilla ticket https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165078 If someone is interested, bugfixed perl-5.8.0-90.2 is available at http://people.redhat.com/~jvdias/perl/RHEL-3/ It will be included in next OS update package (RHEL 3 Update 7).

Wed Nov 23 03:42:46 2005 paul [...] seamons.com - Status changed from 'new' to 'resolved'