Bug#989929: marked as done (Suddenly restarting fetchmail started to fail with error about its global pidfile)

Sat, 26 Jun 2021 04:51:16 -0700 

Your message dated Sat, 26 Jun 2021 11:48:24 +0000
with message-id <[email protected]>
and subject line Bug#989929: fixed in fetchmail 6.4.16-2
has caused the Debian Bug report #989929,
regarding Suddenly restarting fetchmail started to fail with error about its 
global pidfile
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
989929: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989929
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: fetchmail
Version: 6.4.16-1
Severity: grave

This is currently run on testing since ages. I had to restart due to a changed
fingerprint and the global service started to fail with:

$ systemctl status fetchmail.service 
● fetchmail.service - LSB: init-Script for system wide fetchmail daemon
     Loaded: loaded (/etc/init.d/fetchmail; generated)
     Active: active (exited) since Wed 2021-06-16 08:07:28 CEST; 1h 23min ago
       Docs: man:systemd-sysv-generator(8)
      Tasks: 0 (limit: 9313)
     Memory: 0B
        CPU: 0
     CGroup: /system.slice/fetchmail.service

giu 16 08:07:28 klecker systemd[1]: Starting LSB: init-Script for system wide 
fetchmail daemon...
giu 16 08:07:28 klecker fetchmail[846490]: Starting mail retriever agent: 
fetchmail.
giu 16 08:07:28 klecker systemd[1]: Started LSB: init-Script for system wide 
fetchmail daemon.
giu 16 08:07:28 klecker fetchmail[846499]: starting fetchmail 6.4.16 daemon
giu 16 08:07:28 klecker fetchmail[846499]: fetchmail: lock creation failed, 
pidfile "/run/fetchmail/fetchmail.pid": File o directory non esistente

The /run/fetchmail directory ownership is correct (fetchmail:nogroup) and if I 
start the process by hand with:

sudo -u fetchmail -- fetchmail --pidfile /run/fetchmail/fetchmail.pid 
--nosslcertck -f /etc/fetchmailrc --syslog

it works regularly. So the problem is with the init script, still used by 
systemd. Here:

 start-stop-daemon -S -o -q -p $PIDFILE -x $DAEMON -u $USER -c $USER -- 
$OPTIONS;

I think the problem resides. I see that the pidfile is passed at the same time 
to start-stop-daemon and the daemon (-p and $OPTIONS) which
run in unprivileged mode.

I changed the instruction into:

 start-stop-daemon -S -o -q -x $DAEMON -u $USER -c $USER -- $OPTIONS;

and now it works. Note that currently man page reports:

          Warning: Using this match option with a world-writable pidfile or 
using it alone with a daemon that writes the pidfile as an unprivileged 
(non-root) user will be refused with an
          error (since version 1.19.3) as this is a security risk, because 
either any user can write to it, or if the daemon gets compromised, the 
contents of the pidfile cannot be trusted,
          and then a privileged runner (such as an init script executed as 
root) would end up acting on any system process.  Using /dev/null is exempt 
from these checks.

and bullseye runs dpkg v1.20.9 currently.

I'm tagging this bug as grave because even if fetchmail is not always used in 
daemon mode, it breaks for sure existing configurations in an unexpected way 
(and the reason
is quite obscure for the casual user)

- cheers



-- System Information:
Debian Release: 11.0
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-7-amd64 (SMP w/4 CPU threads)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages fetchmail depends on:
ii  adduser           3.118
ii  debianutils       4.11.2
ii  libc6             2.31-12
ii  libcom-err2       1.46.2-1
ii  libgssapi-krb5-2  1.18.3-5
ii  libkrb5-3         1.18.3-5
ii  libssl1.1         1.1.1k-1
ii  lsb-base          11.1.0

Versions of packages fetchmail recommends:
ii  ca-certificates  20210119

Versions of packages fetchmail suggests:
ii  exim4-daemon-heavy [mail-transport-agent]  4.94.2-5
pn  fetchmailconf                              <none>
pn  resolvconf                                 <none>

-- Configuration Files:
/etc/default/fetchmail changed:
OPTIONS=--nosslcertck
START_DAEMON=yes
PIDFILE=/run/fetchmail/fetchmail.pid


-- no debconf information

-- 
Francesco P. Lovergine

--- End Message ---
--- Begin Message --- 
Source: fetchmail
Source-Version: 6.4.16-2
Done: Laszlo Boszormenyi (GCS) <[email protected]>

We believe that the bug you reported is fixed in the latest version of
fetchmail, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated fetchmail 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 24 Jun 2021 18:37:01 +0200
Source: fetchmail
Architecture: source
Version: 6.4.16-2
Distribution: unstable
Urgency: medium
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Closes: 989929
Changes:
 fetchmail (6.4.16-2) unstable; urgency=medium
 .
   * Backport upstream fix for memory leak in timeout situation for LOGIN auth.
   * Backport upstream man page update.
   * Sync with Ubuntu.
 .
   [ Bryce Harrington <[email protected]> ]
   * d/t/control: Invoke upstream testsuite via make check.
   * d/t/control, d/t/operation, d/t/mock-pop3-server.py: Add DEP8 test
     for checking fetchmail's POP3 functionality.
     (LP: #1677818)
 .
   [ Francesco P. Lovergine <[email protected]> ]
   * Only pass pidfile to fetchmail in daemon mode (closes: #989929).
Checksums-Sha1:
 7dd21f409a2433dfdafe4df2ceac459aaa144de3 2169 fetchmail_6.4.16-2.dsc
 3afb35619a6991b0d8977f4cacdfb47c7e066096 52268 fetchmail_6.4.16-2.debian.tar.xz
Checksums-Sha256:
 f322416d577e594225bc87321975bc71d205beef8946587db09afb1ffe4c5212 2169 
fetchmail_6.4.16-2.dsc
 9a44e4b7fe44e6ea6ba9605fd5932cdd8af594cf8b811252bee9defee400c528 52268 
fetchmail_6.4.16-2.debian.tar.xz
Files:
 ff7095d9d4b6143a9464490bb311dec8 2169 mail optional fetchmail_6.4.16-2.dsc
 c83792653d67da6b11efefe2d94736f9 52268 mail optional 
fetchmail_6.4.16-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAmDXDiAACgkQ3OMQ54ZM
yL/Ddg/+NeO5o7U3tpMcVJM/6nFwE+rrhKm77jWqGGWlQMYDDLl2U98t+2sgmXBz
DqTX2gBqyJCYDwRprR7J2keU5BZxo99ED0E9acQLyEwY+u3bYsI8lv3/o8m+nC/m
ig5Oy6hqEAV+EJhP7Q/DXFSN7xQL3PRQ/7IqdK6cZO3vWJu3liP7tpGww4QB4iVd
HFETWEpA5c9v2cYg4bhQwkf1PJhGK3N0D8pC6gvBMFhagaH8QzqvUJY7G1Y47RgV
Ceenmc8jpUiS6CVQdY39eYANInnaLvFOxrYFmr+O9vs7KmZ5ODnrcymhFYgHc9ee
80WCxI46gbLSQ1HSKGG87MVj9RgJhy582kWzq3476wOpxfAs5JscpqPynBcN6YH6
3GPmCNkivFaalIdkZ0AKCFccKPhQqJAyk1Dgzm/s0Ai2tnh35uH49ISdAc/wuH90
VcMX+9dSPmCUQnN0RafopZaG24ZCoORPWKMgMUqsaDyZjOu+BqhUvs/QzFYciY1E
L3FSWsGcaDGeC1OjYEJlu/aJozHuUNvrarxYcuvWQMnQc2s0gJ5pkGzsa4qRffTB
IDOK/o8T12kxH1r46vblwa8detSOky1sZnu1cYPa6rFYoSIWvwD5HM1jAHHP+uff
ANjtSdQLz9uMbm9efmQcu/EPAvJILIW9JcBYeOw1rT9nVBOZpyE=
=QoYN
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to