Hi,

Philippe Meunier wrote on Fri, Oct 21, 2016 at 12:35:46PM -0400:

> When cron runs /etc/daily, that script runs df and netstat and the
> output is sent by email to root. On my system, emails to root are
> forwarded to local user meunier using /root/.forward. The forwarding
> itself temporarily creates a lock file in /var/mail:
>
> -rw------- 1 root wheel 0 Oct 21 23:55 meunier.lock
>
> At the same time, /etc/daily runs /usr/libexec/security. The
> check_mailboxes function in that file loops over all the files in
> /var/mail and checks whether the owner of the file matches the name of
> the file. If check_mailboxes happens to be running exactly at the
> same time as the system is forwarding /etc/daily's first email, then
> check_mailboxes sees meunier.lock, the check for that file fails, and
> the result is another email sent to root:
>
> Running security(8):
>
> Checking mailbox ownership.
> user meunier.lock mailbox is owned by root
>
> So I think the check_mailboxes function in /usr/libexec/security
> should either skip lock files or check them in a different way...

I just fixed this by committing the following patch.

Thanks for reporting,
  Ingo


CVSROOT: /cvs
Module name: src
Changes by: schwa...@cvs.openbsd.org 2016/10/22 12:35:12

Modified files:
 libexec/security: security

Log message:
When checking ownership and modes of files in /var/mail/,
ignore *.lock files, to avoid pointless warning mails
reported by Philippe Meunier <meunier at ccs dot neu dot edu>;
OK florian@ jca@

Index: security =================================================================== RCS file: /cvs/src/libexec/security/security,v retrieving revision 1.36 diff -u -p -r1.36 security --- security 21 Jul 2015 19:07:13 -0000 1.36 +++ security 22 Oct 2016 06:25:15 -0000
@@ -455,6 +455,7 @@ sub check_mailboxes { nag !(opendir my $dh, $dir), "opendir: $dir: $!" and return; foreach my $name (readdir $dh) { next if $name =~ /^\.\.?$/; + next if $name =~ /.\.lock$/; my ($mode, $fuid, $fgid) = (stat "$dir/$name")[2,4,5]; unless (defined $mode) { nag !$!{ENOENT}, "stat: $dir/$name: $!";
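
Review bot: the added line "next if $name =~ /.\.lock$/;" sits before the stat call, so every entry in $dir whose name ends in .lock now skips both the ownership check and the mode check, not only the short-lived lock files created during delivery. That also covers a mailbox whose owner's login name happens to end in .lock, and a *.lock file that lingers with unexpected permissions. Consider still running stat on these entries and suppressing only the owner/name mismatch for them, so the mode check keeps applying. Two smaller points: "$" in a Perl regex also matches before a trailing newline, so \z would anchor the pattern strictly at the end of the name, and a one-line comment saying that these are transient lock files from mail delivery would tell the next reader why they are skipped.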