[Dovecot] (straced) FreeBSD - dovecot: We couldn't drop root group privileges

Igor B. Bykhalo goshik at binep.ac.ru
Tue Aug 24 18:52:39 EEST 2004 

In addition to my previous mail:

Here is strace of dovecot-auth

> 8103  gettimeofday({1093361203, 316780}, NULL) = 0
> 8103  poll([{fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=0, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=9, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL, revents=POLLIN}, {fd=10, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=11, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=8, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 8, 4999) = 1
> 8103  gettimeofday({1093361207, 953058}, {0, 0}) = 0
> 8103  read(9, "\1\0\0\0\1\0\0\0\1\0\0\0\1\0\0\0", 4092) = 16
> 8103  write(9, "\1\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) = 20
> 8103  gettimeofday({1093361207, 953333}, NULL) = 0
> 8103  poll([{fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=0, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=9, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL, revents=POLLIN}, {fd=10, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=11, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=8, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 8, 362) = 1
> 8103  gettimeofday({1093361207, 953510}, {0, 0}) = 0
> 8103  read(9, "\2\0\0\0\1\0\0\0\20\0\0\0\0goshik\0cug83air", 4076) = 28
> 8103  geteuid(0x2821d7ac)               = 0
> 8103  stat("/etc/spwd.db", {st_mode=S_IFREG|0600, st_size=57344, ...}) = 0
> 8103  open("/etc/spwd.db", O_RDONLY)    = 13
> 8103  fcntl(13, F_SETFD, FD_CLOEXEC)    = 0
> 8103  read(13, "\0\6\25a\0\0\0\2\0\0\4\322\0\0\20\0\0\0\0\f\0\0\1\0\0\0"..., 260) = 260
> 8103  lseek(13, 28672, SEEK_SET)        = 28672
> 8103  read(13, "L\0\373\17\302\17\275\17u\17o\17\'\17\"\17\347\16\342\16"..., 4096) = 4096
> 8103  close(13)                         = 0
> 8103  write(9, "\1\0\0\0\2\0\0\0\0\0\0\0\377\377\377\377\7\0\0\0", 20) = 20
> 8103  write(9, "goshik\0", 7)           = 7
> 8103  gettimeofday({1093361207, 956126}, NULL) = 0
> 8103  poll([{fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=0, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL, revents=POLLIN}, {fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=9, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=10, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=11, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=8, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 8, 359) = 1
> 8103  gettimeofday({1093361207, 956281}, {0, 0}) = 0
> 8103  recvfrom(0, "\10\0\0\0\1\0\0\0\336\37\0\0", 12, 0, NULL, NULL) = 12
> 8103  geteuid(0x2821d7ac)               = 0
> 8103  stat("/etc/spwd.db", {st_mode=S_IFREG|0600, st_size=57344, ...}) = 0
> 8103  open("/etc/spwd.db", O_RDONLY)    = 13
> 8103  fcntl(13, F_SETFD, FD_CLOEXEC)    = 0
> 8103  read(13, "\0\6\25a\0\0\0\2\0\0\4\322\0\0\20\0\0\0\0\f\0\0\1\0\0\0"..., 260) = 260
> 8103  lseek(13, 28672, SEEK_SET)        = 28672
> 8103  read(13, "L\0\373\17\302\17\275\17u\17o\17\'\17\"\17\347\16\342\16"..., 4096) = 4096
> 8103  close(13)                         = 0
> 8103  write(0, "\10\0\0\0\1\0\0\0\351\3\0\0\0\0\0\0\0\0\0\0\7\0\0\0\16"..., 67) = 67
> 8103  gettimeofday({1093361207, 960232}, NULL) = 0
> 8103  poll([{fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=0, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=9, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL, revents=POLLIN}, {fd=10, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=11, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=8, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 8, 355) = 1
> 8103  gettimeofday({1093361207, 960600}, {0, 0}) = 0
> 8103  read(9, "", 4048)                 = 0
> 8103  close(9)                          = 0
> 8103  gettimeofday({1093361207, 960834}, NULL) = 0
> 8103  poll([{fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=0, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=8, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=10, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=11, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 7, 355) = 0
> 8103  gettimeofday({1093361208, 326562}, {0, 0}) = 0
> 8103  gettimeofday({1093361208, 326643}, NULL) = 0
> 8103  poll([{fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=0, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=8, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=10, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=11, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 7, 0) = 0
> 8103  gettimeofday({1093361208, 326799}, {0, 0}) = 0
> 8103  gettimeofday({1093361208, 326888}, NULL) = 0
> 8103  poll([{fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL, revents=POLLIN}, {fd=0, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=8, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=10, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=11, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 7, 4999) = 1
> 8103  gettimeofday({1093361208, 620235}, {0, 0}) = 0
> 8103  accept(3, {sa_family=AF_UNIX, path=@}, [16]) = 9
> 8103  fcntl(9, F_GETFL)                 = 0x6 (flags O_RDWR|O_NONBLOCK)
> 8103  fcntl(9, F_SETFL, O_RDWR|O_NONBLOCK) = 0
> 8103  fstat(9, {st_mode=S_IFSOCK|0666, st_size=4, ...}) = 0
> 8103  lseek(9, 0, SEEK_CUR)             = -1 ESPIPE (Illegal seek)
> 8103  getsockname(9, {sa_family=AF_UNIX, path="/var/run/dovecot/login/def0ыїїф     "}, [28]) = 0
                                                                        ^^^^^^^^^^^^^^^^^
Oops!                                                                   What's this?

> 8103  write(9, "\247\37\0\0\1\0\0\0", 8) = 8
> 8103  gettimeofday({1093361208, 620917}, NULL) = 0
> 8103  poll([{fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=0, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=8, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=10, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=11, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=9, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL, revents=POLLIN}], 8, 4705) = 1
> 8103  gettimeofday({1093361208, 621073}, {0, 0}) = 0
> 8103  read(9, "\2320\0\0", 4096)        = 4
> 8103  gettimeofday({1093361208, 621228}, NULL) = 0
> 8103  poll([{fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=0, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=8, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=10, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=11, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=9, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 8, 4704) = 0

And here is how paths in /var are looking:

> /var/mail:
> total 2
> -rw-------  1 dovecot  dovecot    0 23 Aug 20:32 dovecot
> drwxr-xr-x  2 goshik   network  512 24 Aug 18:34 goshik
> -rw-------  1 postfix  postfix    0 23 Aug 16:59 postfix
> 
> /var/run/dovecot/login:
> total 0
> srw-rw----  1 root  dovecot  0 24 Aug 18:58 default

I also straced dovecot process, but it showed no visible (to me) errors.

TIA,
Igor

More information about the dovecot mailing list