Bug#293207: bogofilter: Any fix found?

Matthias Andree matthias.andree at gmx.de
Tue Mar 8 11:02:22 CET 2005 

[resending to list, wasn't aware it was in the list, too]

On Mon, 07 Mar 2005, Dann Daggett wrote:

> Aha! I think you've found it.
> 
> I have a cron job that's probably the culprit.
> 0-59 * * * * /usr/local/bin/dmd_todo
> 
> This is my own C program that processes spam training feedback that come
> back in from the user (i.e. dann) and executes bogofilter to update the
> wordlist accordingly. It uses a system() call sending the following command:
> 
> 	/usr/local/bin/bogofilter -s
> 		 -d "/home/dann/.bogofilter"
> 		 -I "/home/dann/Procmail/103"
>    
> I set this as a root cron job since it processes many different users spam
> training. I am now assuming that if this program's execution of bogofilter
> causes the log file to reach 1MB, the new log file created is owned by root!

Bingo!

> If this is the case I need to include a bogofilter option so it executes as
> the actual user being updated. I found no such option in the man pages
> however.

No need. Either of these options should work:

- some cron programs have the option of running their children under a
  particular user account; on SuSE, /etc/crontab has a 6th column for the
  user ID. Your cron may not offer this option.

- su(1), with GNU coreutils (or predecessors), something like the
  following might work, the trailing "dann" is the user account to use,
  and you may perhaps need to retry su -l -c ... (with -l, that's minus
  and ell) added, see "info coreutils 'su invocation'" for details.

  su -c '/usr/local/bin/bogofilter -s -d "/home/dann/.bogofilter" 
    -I "/home/dann/Procmail/103"' dann

- some run_as program. I am attaching my own variant,
  just prefix "run_as dann " to your cron job, without the quotes, and
  giving the program name (bogofilter) with full path, as you already
  do, run_as does not search $PATH. run_as expects to be run by root. As
  you already have bogofilter, allow me to refer you to the GNU General
  Public License that shipped with bogofilter in the COPYING file.

  Compile with gcc -Os -s -o run_as run_as.c
  (use -O rather than -Os if your compiler complains about -Os)

> If there is no such bogofilter option, perhaps I should not have this
> dmd_todo program run from root's cron, but create a cron job for every user
> to run it (but re-code the program to process only one user instead of all
> of them).

That would be the obvious solution.

-- 
Matthias Andree
-------------- next part --------------
/*
 *  run_as - run a program as a different user
 *  Copyright (C) 2002 Matthias Andree <matthias.andree at gmx.de>
 *
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

#include <sys/types.h>
#include <pwd.h>
#include <grp.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>

/*@unused@*/ static const char id[] = "$Id: run_as.c,v 1.2 2002/11/15 11:59:17 emma Exp emma $";

/*@noreturn@*/ static void usage(const char *n) {
	printf("Usage: %s useraccount /path/program [args]\n", n);
	exit(1);
}

/*@noreturn@*/ static void die(void) {
	exit(2);
}

/*@noreturn@*/ static void bail(const char *n) {
	perror(n);
	die();
}

int main(int argc, char **argv)
{
	int a = 1;
	struct passwd *p;

	if (argc < 3 || (argc > a && (!strcmp("-h", argv[a])
	|| !strcmp("--help", argv[a])))) usage(argv[0]);

	if (!strcmp("--", argv[a])) a++;

	if (!(p=getpwnam(argv[a]))) { 
		fprintf(stderr, "%s: No such user.\n", argv[0]); 
		die(); 
	}
	if (initgroups(p->pw_name, p->pw_gid)) bail(argv[0]);
	if (setgid(p->pw_gid)) bail(argv[0]);
	endgrent();

	if (setuid(p->pw_uid)) bail(argv[0]);
	endpwent();

	++a;
	if (execv(argv[a], argv + a)) bail(argv[a]);
	exit(0);
}
-------------- next part --------------
_______________________________________________
Bogofilter mailing list
Bogofilter at bogofilter.org
http://www.bogofilter.org/mailman/listinfo/bogofilter

More information about the Bogofilter mailing list