Bug#373786: /etc/cron.daily/exim4-base should unset TMPDIR

2006-10-09 Thread Piotr Kaczuba 
Marc Haber napisał(a):
> On Fri, Oct 06, 2006 at 04:00:36PM +0200, Marc Haber wrote:
>> I'm going to fix the script to run as root.
> 
> This is now in svn, see
> http://svn.debian.org/wsvn/pkg-exim4/exim/trunk/debian/exim4_refresh_gnutls-params?op=file&rev=1626&sc=0
> 
> I'd appreciate if you could test this.
[...]

It works as expected.

The following if-block with "chmod --reference" seems unnecessary,
however, considering the fact that you change the permissions later anyway.

if [ -e "$PARAMFILE" ] ; then
  chmod --reference="$PARAMFILE" "$tempgnutls"
fi
chown Debian-exim:Debian-exim "$tempgnutls"
chmod 400 "$tempgnutls"

Thanks,
Piotr Kaczuba


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#373786: /etc/cron.daily/exim4-base should unset TMPDIR

2006-10-09 Thread Marc Haber 
On Mon, Oct 09, 2006 at 04:49:10PM +0200, Piotr Kaczuba wrote:
> Marc Haber napisa??(a):
> > On Fri, Oct 06, 2006 at 04:00:36PM +0200, Marc Haber wrote:
> >> I'm going to fix the script to run as root.
> > 
> > This is now in svn, see
> > http://svn.debian.org/wsvn/pkg-exim4/exim/trunk/debian/exim4_refresh_gnutls-params?op=file&rev=1626&sc=0
> > 
> > I'd appreciate if you could test this.
> [...]
> 
> It works as expected.

Thanks for helping.

> The following if-block with "chmod --reference" seems unnecessary,
> however, considering the fact that you change the permissions later anyway.
> 
> if [ -e "$PARAMFILE" ] ; then
>   chmod --reference="$PARAMFILE" "$tempgnutls"
> fi
> chown Debian-exim:Debian-exim "$tempgnutls"
> chmod 400 "$tempgnutls"

Thanks for spotting this, fixed in svn.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#373786: /etc/cron.daily/exim4-base should unset TMPDIR

2006-10-09 Thread Marc Haber 
On Fri, Oct 06, 2006 at 04:00:36PM +0200, Marc Haber wrote:
> I'm going to fix the script to run as root.

This is now in svn, see
http://svn.debian.org/wsvn/pkg-exim4/exim/trunk/debian/exim4_refresh_gnutls-params?op=file&rev=1626&sc=0

I'd appreciate if you could test this.

The trunk version has been changed again and does _not_ work with the
packages currently in Debian. The link refers to the correct revision
1626.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#373786: /etc/cron.daily/exim4-base should unset TMPDIR

2006-10-05 Thread Marc Haber 
On Wed, Oct 04, 2006 at 10:59:49PM +0200, Marc Haber wrote:
> I have committed a fix to svn, see
> http://svn.debian.org/wsvn/pkg-exim4/exim/trunk/debian/exim4_refresh_gnutls-params?op=file&rev=0&sc=0
> For this script to work, you'll need the current cron job from exim4
> 4.63-4.

This fix is broken, do not use. See #391183.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#373786: /etc/cron.daily/exim4-base should unset TMPDIR

2006-10-04 Thread Marc Haber 
On Wed, Oct 04, 2006 at 08:57:48PM +0200, Piotr Kaczuba wrote:
> However, the su solution is still needed for exim4_refresh_gnutls-params
> and we can argue if it should be also left in place for the find part in
>  the cron script, if exim_tidydb should ever want to write to TMPDIR.

I'm going to leave that in.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#373786: /etc/cron.daily/exim4-base should unset TMPDIR

2006-10-04 Thread Marc Haber 
On Wed, Oct 04, 2006 at 08:00:40PM +0200, Piotr Kaczuba wrote:
> Marc Haber napisa??(a):
> [...]
> > Link to svn:
> > http://svn.debian.org/wsvn/pkg-exim4/exim/trunk/debian/exim4-base.cron.daily?op=file&rev=0&sc=0
> > 
> > Piotr, can you please try if this works on your system with
> > libpam-tmpdir?
> 
> It seems to work fine, but it turns out that the same problem is also
> present in /usr/share/exim4/exim4_refresh_gnutls-params, which also uses
> start-stop-daemon and is invoked later in the exim4-base cron script.
> I guess you'll have to add the su alternative there, too.

I have committed a fix to svn, see
http://svn.debian.org/wsvn/pkg-exim4/exim/trunk/debian/exim4_refresh_gnutls-params?op=file&rev=0&sc=0
For this script to work, you'll need the current cron job from exim4
4.63-4.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#373786: /etc/cron.daily/exim4-base should unset TMPDIR

2006-10-04 Thread Piotr Kaczuba 
Piotr Kaczuba napisał(a):
> Marc Haber napisał(a):
> [...]
>> Link to svn:
>> http://svn.debian.org/wsvn/pkg-exim4/exim/trunk/debian/exim4-base.cron.daily?op=file&rev=0&sc=0
>>
>> Piotr, can you please try if this works on your system with
>> libpam-tmpdir?
> 
> It seems to work fine, but it turns out that the same problem is also
> present in /usr/share/exim4/exim4_refresh_gnutls-params, which also uses
> start-stop-daemon and is invoked later in the exim4-base cron script.
> I guess you'll have to add the su alternative there, too.

I did some further tests and noticed that there are no log entries for
su in auth.log. After investigating a little it turned out that the su
part never got called because start-stop-daemon didn't fail.
It was exim4_refresh_gnutls-params, which is also using
start-stop-daemon to change the uid, that failed from the very
beginning, so I have to apologize for not investigating this problem
closely enough in the first place before reporting.
However, the su solution is still needed for exim4_refresh_gnutls-params
and we can argue if it should be also left in place for the find part in
 the cron script, if exim_tidydb should ever want to write to TMPDIR.

Thanks,
Piotr Kaczuba



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#373786: /etc/cron.daily/exim4-base should unset TMPDIR

2006-10-04 Thread Piotr Kaczuba 
Marc Haber napisał(a):
[...]
> Link to svn:
> http://svn.debian.org/wsvn/pkg-exim4/exim/trunk/debian/exim4-base.cron.daily?op=file&rev=0&sc=0
> 
> Piotr, can you please try if this works on your system with
> libpam-tmpdir?

It seems to work fine, but it turns out that the same problem is also
present in /usr/share/exim4/exim4_refresh_gnutls-params, which also uses
start-stop-daemon and is invoked later in the exim4-base cron script.
I guess you'll have to add the su alternative there, too.

Thanks,
Piotr Kaczuba


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#373786: /etc/cron.daily/exim4-base should unset TMPDIR

2006-10-04 Thread Marc Haber 
On Mon, Oct 02, 2006 at 12:58:44PM +0200, Tollef Fog Heen wrote:
> You probably rather want to check if TMP and TMPDIR are writable, and if 
> not reset them to /tmp or similar.

I have committed a fix to svn where the daily cron job first tries the
process with start-stop-daemon, and falls back to a plain su if the
invocation via start-stop-daemon fails for some reason.

Code:
if [ -x /usr/sbin/exim_tidydb ]; then
  cd $SPOOLDIR/db || exit 1
  if ! find $SPOOLDIR/db -maxdepth 1 -name '*.lockfile' -or -type f \
-printf '%f\0' | \
  xargs -0r -n 1 \
  start-stop-daemon --start --exec /usr/sbin/exim_tidydb \
  --chuid Debian-exim:Debian-exim -- $SPOOLDIR > /dev/null; then
# if we reach this, invoking exim_tidydb from start-stop-daemon has
# failed, most probably because of libpam-tmpdir is in use
# (see #373786 and #376165)
find $SPOOLDIR/db -maxdepth 1 -name '*.lockfile' -or -type f \
-printf '%f\0' | \
su - --shell /bin/bash \
 --command "xargs -0r -n 1 /usr/sbin/exim_tidydb $SPOOLDIR > /dev/null" 
\
 Debian-exim
  fi
fi

Link to svn:
http://svn.debian.org/wsvn/pkg-exim4/exim/trunk/debian/exim4-base.cron.daily?op=file&rev=0&sc=0

Piotr, can you please try if this works on your system with
libpam-tmpdir?

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#373786: /etc/cron.daily/exim4-base should unset TMPDIR

2006-10-02 Thread Marc Haber 
On Mon, Oct 02, 2006 at 12:58:44PM +0200, Tollef Fog Heen wrote:
> Marc Haber skrev:
> >On Tue, Jul 04, 2006 at 04:24:33PM +0200, Marc Haber wrote:
> >>On Mon, Jul 03, 2006 at 03:41:47PM +0200, Tollef Fog Heen wrote:
> >>>* Marc Haber 
> >>>| >It's probably not a security problem, though, as in it'll still be
> >>>| >better than using /tmp as $TMP{,DIR}.
> >>>| 
> >>>| Is there any better possibility to solve the issue at hand?
> >>>
> >>>Using su - instead of --chuid, might work.  It's not pretty, though.
> >>Ok. So I need to first learn why start-stop-daemon was used here in
> >>the first place.
> >
> >After investigating, it looks like start-stop-daemon was used over su
> >to avoid a syslog message from being written.
> 
> What's the harm in a syslog message?

Search the Web for newbies asking who has changed from root to nobody
during the daily cron job. exim4 is installed by default. Go figure.

> >As there is still #376165 and it is unlikely to have this fixed for
> >etch, I'd like to locall work around this issue. Is there any way to
> >programmatically find out whether libpam-tmpdir is in use to have the
> >cron job fall back to su in this case?
> 
> You probably rather want to check if TMP and TMPDIR are writable, and if 
> not reset them to /tmp or similar.

Good idea.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#373786: /etc/cron.daily/exim4-base should unset TMPDIR

2006-10-02 Thread Tollef Fog Heen 

Marc Haber skrev:


On Tue, Jul 04, 2006 at 04:24:33PM +0200, Marc Haber wrote:

On Mon, Jul 03, 2006 at 03:41:47PM +0200, Tollef Fog Heen wrote:
* Marc Haber 
| >It's probably not a security problem, though, as in it'll still be

| >better than using /tmp as $TMP{,DIR}.
| 
| Is there any better possibility to solve the issue at hand?


Using su - instead of --chuid, might work.  It's not pretty, though.

Ok. So I need to first learn why start-stop-daemon was used here in
the first place.


After investigating, it looks like start-stop-daemon was used over su
to avoid a syslog message from being written.


What's the harm in a syslog message?


As there is still #376165 and it is unlikely to have this fixed for
etch, I'd like to locall work around this issue. Is there any way to
programmatically find out whether libpam-tmpdir is in use to have the
cron job fall back to su in this case?


You probably rather want to check if TMP and TMPDIR are writable, and if 
not reset them to /tmp or similar.


- tfheen


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#373786: Re: Bug#373786: /etc/cron.daily/exim4-base should unset TMPDIR

2006-09-29 Thread Marc Haber 
block #373786 with #376165
# let's see whether this was the right way around.
thanks

On Tue, Jul 04, 2006 at 04:24:33PM +0200, Marc Haber wrote:
> On Mon, Jul 03, 2006 at 03:41:47PM +0200, Tollef Fog Heen wrote:
> > * Marc Haber 
> > | >It's probably not a security problem, though, as in it'll still be
> > | >better than using /tmp as $TMP{,DIR}.
> > | 
> > | Is there any better possibility to solve the issue at hand?
> > 
> > Using su - instead of --chuid, might work.  It's not pretty, though.
> 
> Ok. So I need to first learn why start-stop-daemon was used here in
> the first place.

After investigating, it looks like start-stop-daemon was used over su
to avoid a syslog message from being written.

As there is still #376165 and it is unlikely to have this fixed for
etch, I'd like to locall work around this issue. Is there any way to
programmatically find out whether libpam-tmpdir is in use to have the
cron job fall back to su in this case?

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#373786: /etc/cron.daily/exim4-base should unset TMPDIR

2006-07-04 Thread Marc Haber 
On Mon, Jul 03, 2006 at 03:41:47PM +0200, Tollef Fog Heen wrote:
> * Marc Haber 
> | >It's probably not a security problem, though, as in it'll still be
> | >better than using /tmp as $TMP{,DIR}.
> | 
> | Is there any better possibility to solve the issue at hand?
> 
> Using su - instead of --chuid, might work.  It's not pretty, though.

Ok. So I need to first learn why start-stop-daemon was used here in
the first place.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#373786: /etc/cron.daily/exim4-base should unset TMPDIR

2006-07-03 Thread Tollef Fog Heen 
* Marc Haber 

| >It's probably not a security problem, though, as in it'll still be
| >better than using /tmp as $TMP{,DIR}.
| 
| Is there any better possibility to solve the issue at hand?

Using su - instead of --chuid, might work.  It's not pretty, though.

-- 
Tollef Fog Heen,''`.
UNIX is user friendly, it's just picky about who its friends are  : :' :
  `. `' 
`-  


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#373786: /etc/cron.daily/exim4-base should unset TMPDIR

2006-07-03 Thread Tollef Fog Heen 
* Marc Haber 

| One would have to chown 701 /tmp/user/0. Would that open a too big
| security hole in your opinion?

I'd be somewhat unconfortable with it -- the point of pam-tmpdir is to
have a completely private $TMP.  It's probably not a security problem,
though, as in it'll still be better than using /tmp as $TMP{,DIR}.

-- 
Tollef Fog Heen,''`.
UNIX is user friendly, it's just picky about who its friends are  : :' :
  `. `' 
`-  


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#373786: /etc/cron.daily/exim4-base should unset TMPDIR

2006-07-03 Thread Marc Haber 
On Mon, Jul 03, 2006 at 11:02:57AM +0200, Tollef Fog Heen wrote:
> * Marc Haber 
> | One would have to chown 701 /tmp/user/0. Would that open a too big
> | security hole in your opinion?
> 
> I'd be somewhat unconfortable with it -- the point of pam-tmpdir is to
> have a completely private $TMP.

I understand that.

>It's probably not a security problem,
> though, as in it'll still be better than using /tmp as $TMP{,DIR}.

Is there any better possibility to solve the issue at hand?

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#373786: /etc/cron.daily/exim4-base should unset TMPDIR

2006-07-03 Thread Marc Haber 
On Mon, Jul 03, 2006 at 08:48:21AM +0200, Tollef Fog Heen wrote:
> * Marc Haber 
> | A workaround possible for Debian-exim could be
> | mkdir $TMPDIR/Debian-exim
> | chown Debian-exim $TMPDIR/Debian-exim
> | TMPDIR=$TMPDIR/Debian-exim start-stop-daemon --chuid Debian-exim some_job
> | which might also expose a file system which should only be writeable
> | for root for a non-root user.
> | 
> | Piotr, would this be an acceptable workaround for you?
> | 
> | libpam-tmpdir maintainer, is this an acceptable workaround from a
> | libpam-tmpdir point of view?
> 
> Apart from the fact that you won't be able to access
> /tmp/user/0/Debian-exim due to /tmp/user/0 being mode 0700, it'll
> work.

One would have to chown 701 /tmp/user/0. Would that open a too big
security hole in your opinion?

> So no, this won't really work; if you do that, you either need to
> check if $TMPDIR/Debian-exim is accessible to Debian-exim or you need
> to make sure it is. 

I'd like making sure it is.

> | dpkg-maintainer, is it possible to have start-stop-daemon do a pam
> | call in case of --chuid so that TMPDIR is set correctly?
> 
> This would be the best solution, IMO.

I hope the dpkg guys agree.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#373786: /etc/cron.daily/exim4-base should unset TMPDIR

2006-07-03 Thread Tollef Fog Heen 
* Marc Haber 

| A workaround possible for Debian-exim could be
| mkdir $TMPDIR/Debian-exim
| chown Debian-exim $TMPDIR/Debian-exim
| TMPDIR=$TMPDIR/Debian-exim start-stop-daemon --chuid Debian-exim some_job
| which might also expose a file system which should only be writeable
| for root for a non-root user.
| 
| Piotr, would this be an acceptable workaround for you?
| 
| libpam-tmpdir maintainer, is this an acceptable workaround from a
| libpam-tmpdir point of view?

Apart from the fact that you won't be able to access
/tmp/user/0/Debian-exim due to /tmp/user/0 being mode 0700, it'll
work.

So no, this won't really work; if you do that, you either need to
check if $TMPDIR/Debian-exim is accessible to Debian-exim or you need
to make sure it is. 

| dpkg-maintainer, is it possible to have start-stop-daemon do a pam
| call in case of --chuid so that TMPDIR is set correctly?

This would be the best solution, IMO.

-- 
Tollef Fog Heen,''`.
UNIX is user friendly, it's just picky about who its friends are  : :' :
  `. `' 
`-  


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#373786: /etc/cron.daily/exim4-base should unset TMPDIR

2006-06-30 Thread Marc Haber 
retitle #373786 /etc/cron.daily/exim4-base fails with libpam-tmpdir
clone #373786 -1 
reassign -1 dpkg
retitle -1 start-stop-daemon: should use PAM in --chuid setting
submitter -1 [EMAIL PROTECTED]
thanks

On Thu, Jun 15, 2006 at 04:22:54PM +0200, Piotr Kaczuba wrote:
> /etc/cron.daily/exim4-base should unset TMPDIR, so when one is using
> pam_tmpdir, the cron script could sucessfully do its work. The cron
> script uses find with chuid, and as a result tempnam() fails because
> it doesn't have access to the temp directory set by pam_tmpdir.

>From what I guess is that the bug reporter has libpam-tmpname
installed, and thus, for /etc/cron.daily/exim4-base, TMPDIR gets set
to /tmp/root, which is only writeable for root. The cron script then
proceeds to call "start-stop-daemon --chuid Debian-exim some_job",
with some_job using tempnam() to obtain a temporary file name,
honoring TMPDIR, which is not writeable by Debian-exim, the account
some_job is running as.

After discussing the issue on IRC with mrvn, jvw and waldi, I have
learned that applications are encouraged to use TMPDIR instead of a
hard-coded /tmp. Additionally, it is wrong to make the directory
$TMPDIR points to writeable for Debian-exim as it might be in a place
where only root should be able to write to.

Hence, the right thing to do is to set TMPDIR to a directory that is
writeable by Debian-exim.

A workaround possible for Debian-exim could be
mkdir $TMPDIR/Debian-exim
chown Debian-exim $TMPDIR/Debian-exim
TMPDIR=$TMPDIR/Debian-exim start-stop-daemon --chuid Debian-exim some_job
which might also expose a file system which should only be writeable
for root for a non-root user.

Piotr, would this be an acceptable workaround for you?

libpam-tmpdir maintainer, is this an acceptable workaround from a
libpam-tmpdir point of view?

dpkg-maintainer, is it possible to have start-stop-daemon do a pam
call in case of --chuid so that TMPDIR is set correctly?

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#373786: /etc/cron.daily/exim4-base should unset TMPDIR

2006-06-15 Thread Piotr Kaczuba 
Package: exim4-base
Version: 4.62-1
Severity: normal

/etc/cron.daily/exim4-base should unset TMPDIR, so when one is using 
pam_tmpdir, the cron script could sucessfully do its work. The cron script uses 
find with chuid, and as a result tempnam() fails because it doesn't have access 
to the temp directory set by pam_tmpdir.

Below is the error message of /etc/cron.daily/exim4-base:

/etc/cron.daily/exim4-base:
tempnam: Permission denied
run-parts: /etc/cron.daily/exim4-base exited with return code 1

Piotr Kaczuba

-- Package-specific info:
Exim version 4.62 #1 built 02-May-2006 11:54:25
Copyright (c) University of Cambridge 2006
Berkeley DB: Sleepycat Software: Berkeley DB 4.3.29: (September  6, 2005)
Support for: crypteq iconv() IPv6 PAM Perl GnuTLS move_frozen_messages 
Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch 
ldap ldapdn ldapm mysql nis nis0 passwd pgsql
Authenticators: cram_md5 cyrus_sasl plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# comments will be lost.

dc_eximconfig_configtype='internet'
dc_local_interfaces=''
dc_other_hostnames='orbiter:orbiter.attika.ath.cx:attika.ath.cx'
dc_readhost=''
dc_relay_domains=''
dc_relay_nets='10.0.0.0/8'
dc_smarthost=''
dc_minimaldns='false'
dc_localdelivery='maildir_home'
CFILEMODE='644'

dc_use_split_config='true'
dc_hide_mailname=''
dc_mailname_in_oh='true'
mailname:attika.ath.cx

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16.20-orbiter.x86-64.1
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)

Versions of packages exim4-base depends on:
ii  adduser   3.87   Add and remove users and groups
ii  cron  3.0pl1-94  management of regular background p
ii  debconf [debconf-2.0] 1.5.2  Debian configuration management sy
ii  exim4-config [exim4-config-2] 4.62-1 configuration for the exim MTA (v4
ii  libc6 2.3.6-15   GNU C Library: Shared libraries
ii  libdb4.3  4.3.29-5   Berkeley v4.3 Database Libraries [
ii  netbase   4.25   Basic TCP/IP networking system

Versions of packages exim4-base recommends:
ii  psmisc22.2-1 Utilities that use the proc filesy

-- debconf information:
  exim4/purge_spool: false
  exim4/move_exim3_spool: false


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]