Re: a problem with linux 2.6.11 and sa

2005-03-09 Thread George Georgalis 
On Wed, Mar 09, 2005 at 01:06:11PM +, Nix wrote:

>> An interesting technique that allows a program (such as a log writer)
>> to run as an unprivileged user, while receiving privileged data. (taken
>> almost verbatim from Gerrit Pape's socklog)
>> 
>> #!/bin/sh
>> exec > exec 2>&1
>> exec softlimit -m 200 setuidgid nobody socklog ucspi
>> 
>> This script, run by root takes its stdin from /proc/kmsg then combines
>> its stdout and stderr, and exec-switches to the socklog program run
>> as an ucspi application listening to the domain stream socket, as
>> nobody:nogroup, with memory consumption limited to 2Mb. (and sends
>> log to stdout)
>
>This is definitely redirection, not piping. As far as I know the
>implementation of redirection in the kernel remains unchanged: certainly
>the need to buffer piped data doesn't exist in this case, and since the
>redesign was of the buffering, this is probably not your problem :)
>
>> It worked flawlessly until several kernel revs back when the kernel
>> started protecting kmsg and wouldn't allow the user program to receive
>> it,
>
>Indeed.
>
>>   result: nothing sent to the logging program and no error. The fix
>> was to run socklog as root instead of nobody.
>
>You should be able to open it as root and read from it as another user:
>i.e., your technique above shouldn't break. (I'd hope.)

Here is a nice proof that kmsg did become a problem around 2.6.0
http://article.gmane.org/gmane.comp.misc.pape.general/595
http://thread.gmane.org/gmane.comp.misc.pape.general/590


It (Gerrit Pape's technique) very defiantly stopped working a few revs
back (2.6.7?). I'm seeing a similar failed read from /dev/rtc and
mplayer with 2.6.10, now too.

http://lkml.org/lkml/2005/3/8/226

while read file; do mplayer $file ; done http://galis.org/george/ cell:646-331-2027 mailto:[EMAIL PROTECTED]

Re: a problem with linux 2.6.11 and sa

2005-03-09 Thread Nix 
On Tue, 8 Mar 2005, George Georgalis announced authoritatively:
> Here's what I'm doing that is broken. I use tcpserver (functionally
> similar to inetd) to receive an incoming smtp connection. While the
> smtp session is still open, the message is piped to a temp file which
> is then scanned for spam, if it passes the temp file is piped to my

Both of these sound like redirection, not piping.

>>(I don't see what you mean by `a pipe rom /proc/kmsg', though:
>>pipes connect processes, not files. File redirections are
>>quite different and should work unchanged in 2.6.11.)
> 
> An interesting technique that allows a program (such as a log writer)
> to run as an unprivileged user, while receiving privileged data. (taken
> almost verbatim from Gerrit Pape's socklog)
> 
> #!/bin/sh
> exec  exec 2>&1
> exec softlimit -m 200 setuidgid nobody socklog ucspi
> 
> This script, run by root takes its stdin from /proc/kmsg then combines
> its stdout and stderr, and exec-switches to the socklog program run
> as an ucspi application listening to the domain stream socket, as
> nobody:nogroup, with memory consumption limited to 2Mb. (and sends
> log to stdout)

This is definitely redirection, not piping. As far as I know the
implementation of redirection in the kernel remains unchanged: certainly
the need to buffer piped data doesn't exist in this case, and since the
redesign was of the buffering, this is probably not your problem :)

> It worked flawlessly until several kernel revs back when the kernel
> started protecting kmsg and wouldn't allow the user program to receive
> it,

Indeed.

>   result: nothing sent to the logging program and no error. The fix
> was to run socklog as root instead of nobody.

You should be able to open it as root and read from it as another user:
i.e., your technique above shouldn't break. (I'd hope.)

-- 
> ...Hires Root Beer...
What we need these days is a stable, fast, anti-aliased root beer
with dynamic shading. Not that you can let just anybody have root.
 --- John M. Ford

Re: a problem with linux 2.6.11 and sa

2005-03-08 Thread George Georgalis 
On Tue, 8 Mar 2005 12:19:53 -0500, George Georgalis <[EMAIL PROTECTED]> wrote:
> On Tue, Mar 08, 2005 at 11:58:14AM -0500, George Georgalis wrote:
> >On Tue, Mar 08, 2005 at 01:37:03PM +, Nix wrote:
> >>On Thu, 3 Mar 2005, George Georgalis uttered the following:
> >>> I recall a problem a while back with a pipe from
> >>> /proc/kmsg that was sent by root to a program with a
> >>> user uid. The fix was to run the logging program as
> >>> root. Has that protected pipe method been extended
> >>> since 2.6.8.1?
> >>
> >>The entire implementation of pipes has been radically revised between
> >>2.6.10 and 2.6.11: see, e.g.,  and
> >>.
> >>
> >>Bugs have been spotted in this area in 2.6.10: this may be
> >>another one.
> >
> >Thanks, my issue is clearly between 2.6.10 and 2.6.11; though I won't be
> >able to drill down anything more specific, for a while. The links
> >do look relevant but I cannot say for sure.

Here is a problem with 2.6.10:

while read file; do mplayer $file ; done http://galis.org/george/ cell:646-331-2027 mailto:[EMAIL PROTECTED]

Re: a problem with linux 2.6.11 and sa

2005-03-08 Thread George Georgalis 
On Tue, Mar 08, 2005 at 11:58:14AM -0500, George Georgalis wrote:
>On Tue, Mar 08, 2005 at 01:37:03PM +, Nix wrote:
>>On Thu, 3 Mar 2005, George Georgalis uttered the following:
>>> I recall a problem a while back with a pipe from
>>> /proc/kmsg that was sent by root to a program with a
>>> user uid. The fix was to run the logging program as
>>> root. Has that protected pipe method been extended
>>> since 2.6.8.1?
>>
>>The entire implementation of pipes has been radically revised between
>>2.6.10 and 2.6.11: see, e.g.,  and
>>.
>>
>>Bugs have been spotted in this area in 2.6.10: this may be
>>another one.
>
>Thanks, my issue is clearly between 2.6.10 and 2.6.11; though I won't be
>able to drill down anything more specific, for a while. The links
>do look relevant but I cannot say for sure.

My last post didn't actually describe what the problem is, which is
spamassassin always scores 0/0 under 2.6.11 but functions properly
(scoring x/5) under 2.6.10.

More details are in the thread of this post.
http://lkml.org/lkml/2005/3/3/513

// George

-- 
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:[EMAIL PROTECTED]

Re: a problem with linux 2.6.11 and sa

2005-03-08 Thread George Georgalis 
On Tue, Mar 08, 2005 at 01:37:03PM +, Nix wrote:
>On Thu, 3 Mar 2005, George Georgalis uttered the following:
>> I recall a problem a while back with a pipe from
>> /proc/kmsg that was sent by root to a program with a
>> user uid. The fix was to run the logging program as
>> root. Has that protected pipe method been extended
>> since 2.6.8.1?
>
>The entire implementation of pipes has been radically revised between
>2.6.10 and 2.6.11: see, e.g.,  and
>.
>
>Bugs have been spotted in this area in 2.6.10: this may be
>another one.

Thanks, my issue is clearly between 2.6.10 and 2.6.11; though I won't be
able to drill down anything more specific, for a while. The links
do look relevant but I cannot say for sure.

Here's what I'm doing that is broken. I use tcpserver (functionally
similar to inetd) to receive an incoming smtp connection. While the
smtp session is still open, the message is piped to a temp file which
is then scanned for spam, if it passes the temp file is piped to my
local delivery program. If it doesn't pass the spam test or the delivery
program fails (disk full etc), the respective error code, if any,
is passed to tcpserver. The corresponding accepted, temporary reject or
permanently reject signal is passed to the remote sender.

The temp file is then removed or, for spam, it is cataloged for
statistics and/or abuse reporting. An additional copy is kept in a
traditional maildir to check for false positives.

#!/bin/bash
# exit 31 = permanently refuse
# exit 71 = temporarily refuse
# pwd is /var/qmail
echo $0 # for the logs
scq="spamc-queue" # a maildir with qmaild write perms
tmp="${scq}/`safecat "${scq}/tmp" "${scq}" >$sipd/date # keep track of when they 
came
maildir "${sipd}" >/dev/null <"$tmp" # keep a copy for reporting
maildir "${scq}"  >/dev/null <"$tmp" # save it to verify no falseys
rm "$tmp"
exit 31
;;
*) # spamc error, 
echo "$0 error, spamc exit $sce"
exit 71
esac
exit 81 # Internal bug



>If you can reproduce it consistently, *please* report
>this to the linux-kernel list!

I did, but have had no response to my followup:

Date: Fri, 4 Mar 2005 15:58:43 -0500
Subject: Re: problem with linux 2.6.11 and sa


>(I don't see what you mean by `a pipe rom /proc/kmsg', though:
>pipes connect processes, not files. File redirections are
>quite different and should work unchanged in 2.6.11.)


An interesting technique that allows a program (such as a log writer)
to run as an unprivileged user, while receiving privileged data. (taken
almost verbatim from Gerrit Pape's socklog)

#!/bin/sh
exec &1
exec softlimit -m 200 setuidgid nobody socklog ucspi

This script, run by root takes its stdin from /proc/kmsg then combines
its stdout and stderr, and exec-switches to the socklog program run
as an ucspi application listening to the domain stream socket, as
nobody:nogroup, with memory consumption limited to 2Mb. (and sends
log to stdout)

It worked flawlessly until several kernel revs back when the kernel
started protecting kmsg and wouldn't allow the user program to receive
it, result: nothing sent to the logging program and no error. The fix
was to run socklog as root instead of nobody.

// George



-- 
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:[EMAIL PROTECTED]

Re: a problem with linux 2.6.11 and sa

2005-03-08 Thread Nix 
On Thu, 3 Mar 2005, George Georgalis uttered the following:
> I recall a problem a while back with a pipe from
> /proc/kmsg that was sent by root to a program with a
> user uid. The fix was to run the logging program as
> root. Has that protected pipe method been extended
> since 2.6.8.1?

The entire implementation of pipes has been radically revised between
2.6.10 and 2.6.11: see, e.g.,  and
.

Bugs have been spotted in this area in 2.6.10: this may be
another one.

If you can reproduce it consistently, *please* report
this to the linux-kernel list!

(I don't see what you mean by `a pipe rom /proc/kmsg', though:
pipes connect processes, not files. File redirections are
quite different and should work unchanged in 2.6.11.)

-- 
> ...Hires Root Beer...
What we need these days is a stable, fast, anti-aliased root beer
with dynamic shading. Not that you can let just anybody have root.
 --- John M. Ford

Re: a problem with linux 2.6.11 and sa

2005-03-03 Thread George Georgalis 
On Thu, Mar 03, 2005 at 04:53:58PM -0500, Matt Kettler wrote:
>At 04:40 PM 3/3/2005, George Georgalis wrote:
>>This log entry indicates when I booted into 2.6.11:
>>2005-03-02 12:05:47.018334500 2005-03-02 17:05:47 [781] i: server killed 
>>by SIGTERM, shutting down
>
>Is there any chance you're running out of memory and the OOM killer is 
>kicking in and sending SIGTERM's to spamd's?
>

No. There is 1Gb of memory on a very lightly loaded box, and no memory
intensive SA rules.

That SIGTERM was immedatly prior to the first time I booted 2.6.11,
where SA does not work (once) for remote connections (scores 0/0).  The
problem is resolved running 2.6.8.1, where SA has been flawless for a
while.

Just occured to me the big gaint lock (new between the versions) has
been enabled, could it be related? Below is a post to LKML from today.


I recall a problem a while back with a pipe from
/proc/kmsg that was sent by root to a program with a
user uid. The fix was to run the logging program as
root. Has that protected pipe method been extended
since 2.6.8.1?

...

SA has stopped stdout logging completely with 2.6.11
in addition to the all pass score. But the message
seems to go through my temp queue (for testing) and
sent on to my local MDA. I'm not sure if it's a sa
problem with the kernel or the new kernel doing
something new with pipes from tcp connections.
Maybe the new kernel is not making files available
(eg 0 bytes), until the writing pipe is closed?
That would make my SA test a zero byte file, which
would pass, close, become full, and the file piped
to local MDA is full? ...humm then I'd get a score
of "0/5"... this sounds like a SA problem with the
new kernel, ideas?

// George


-- 
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:[EMAIL PROTECTED]

Re: a problem with linux 2.6.11 and sa

2005-03-03 Thread Matt Kettler 
At 04:40 PM 3/3/2005, George Georgalis wrote:
This log entry indicates when I booted into 2.6.11:
2005-03-02 12:05:47.018334500 2005-03-02 17:05:47 [781] i: server killed 
by SIGTERM, shutting down
Is there any chance you're running out of memory and the OOM killer is 
kicking in and sending SIGTERM's to spamd's?

a problem with linux 2.6.11 and sa

2005-03-03 Thread George Georgalis 
Is anyone successfully runing SA on a 2.6.11 linux kernel?

>On Thu, 3 Mar 2005 02:16:03 -0500, George Georgalis <[EMAIL PROTECTED]> wrote:
>> I'm very defiantly seeing a problem with the 2.6.11
>> kernel and my spamassassin setup. However, it's not
>> clear exactly where the problem is, seems like sa
>> but it might be 2.6.11 with daemontools + qmail +
>> QMAIL_QUEUE.
>> 
>> I don't really have time to break down an analysis,
>> but I'm fairly certain. If anyone is experiencing
>> the problem please contact me on or off the list.
>> 
>> A sure sign of it is no logs (with debug) for remote
>> sa connections which score "0/0" and correct operation
>> with "cat spam.txt | spamc -R"; fix is to use the
>> older kernel.

Per request here are some logs, I will reboot into 2.6.11 if the
below dmesg doesn't give you details you need. These logs are from the
first sa failure I noticed. (The first timestamp colmn is my local
timezone, EST, it looks like SA logs in UTC)

This log entry indicates when I booted into 2.6.11:
2005-03-02 12:05:47.018334500 2005-03-02 17:05:47 [781] i: server killed by 
SIGTERM, shutting down

The following entry was a manual "cat spam.txt | spamc -R" the test
was done because sa stopped logging and startes scoring "0/0" for
everything, obviously the locat test worked:
2005-03-02 17:29:22.627607500 2005-03-02 22:29:22 [895] i: connection from 
sta.local [192.168.80.50] at port 36492


# connection to my QMAIL_QUEUE from tcpserver, spam is from 82.229.134.94:
2005-03-02 17:03:45.459533500 tcpserver: status: 0/4
2005-03-02 17:04:07.779403500 tcpserver: status: 1/4
2005-03-02 17:04:07.779409500 tcpserver: pid 4074 from 82.229.134.94
2005-03-02 17:04:09.373336500 tcpserver: ok 4074 sta.galis.org:192.168.80.50:25 
facultes-4-82-229-134-94.fbx.proxad.net:82.229.134.94::3682
2005-03-02 17:04:51.556172500 tcpserver: status: 2/4
2005-03-02 17:04:51.556179500 tcpserver: pid 4075 from 209.61.182.217
2005-03-02 17:04:51.557168500 tcpserver: ok 4075 sta.galis.org:192.168.80.50:25 
rince.africaninspace.com:209.61.182.217::41362
2005-03-02 17:04:51.959217500 tcpserver: end 4075 status 0
2005-03-02 17:04:51.959224500 tcpserver: status: 1/4
2005-03-02 17:05:43.461588500 tcpserver: end 4074 status 0
2005-03-02 17:05:43.461595500 tcpserver: status: 0/4


# logs from sa
2005-03-02 11:06:43.353479500 2005-03-02 16:06:43 [899] i: checking message 
<[EMAIL PROTECTED]> for qmaild:1002.
2005-03-02 11:06:45.942978500 2005-03-02 16:06:45 [899] i: clean message 
(-0.8/4.0) for qmaild:1002 in 2.0 seconds, 3099 bytes.
2005-03-02 11:06:45.942987500 2005-03-02 16:06:45 [899] i: result: .  0 - 
GEO_TO scantime=2.0,size=3099,mid=<[EMAIL PROTECTED]>,autolearn=disabled
2005-03-02 11:30:49.192464500 2005-03-02 16:30:49 [900] i: connection from 
localhost [127.0.0.1] at port 33218
2005-03-02 11:30:49.206473500 2005-03-02 16:30:49 [900] i: checking message 
<[EMAIL PROTECTED]> for qmaild:1002.
2005-03-02 11:30:51.826020500 2005-03-02 16:30:51 [900] i: clean message 
(0.1/4.0) for qmaild:1002 in 2.0 seconds, 4223 bytes.
2005-03-02 11:30:51.826030500 2005-03-02 16:30:51 [900] i: result: .  0 - TW_XM 
scantime=2.0,size=4223,mid=<[EMAIL PROTECTED]>,autolearn=disabled
2005-03-02 11:59:45.509284500 2005-03-02 16:59:45 [898] i: connection from 
localhost [127.0.0.1] at port 33227
2005-03-02 11:59:45.521365500 2005-03-02 16:59:45 [898] i: checking message 
<[EMAIL PROTECTED]> for qmaild:1002.
2005-03-02 11:59:49.097678500 2005-03-02 16:59:49 [898] i: clean message 
(-0.8/4.0) for qmaild:1002 in 4.0 seconds, 2652 bytes.
2005-03-02 11:59:49.097689500 2005-03-02 16:59:49 [898] i: result: .  0 - 
GEO_TO scantime=4.0,size=2652,mid=<[EMAIL PROTECTED]>,autolearn=disabled
2005-03-02 12:05:47.018334500 2005-03-02 17:05:47 [781] i: server killed by 
SIGTERM, shutting down
2005-03-02 12:09:24.358948500 2005-03-02 17:09:24 [810] i: server started on 
port 783/tcp (running version 3.0.2)
2005-03-02 12:09:24.380867500 2005-03-02 17:09:24 [810] i: server successfully 
spawned child process, pid 895
2005-03-02 12:09:24.380876500 2005-03-02 17:09:24 [810] i: server successfully 
spawned child process, pid 896
2005-03-02 12:09:24.381256500 2005-03-02 17:09:24 [810] i: server successfully 
spawned child process, pid 897
2005-03-02 17:29:22.627607500 2005-03-02 22:29:22 [895] i: connection from 
sta.local [192.168.80.50] at port 36492
2005-03-02 17:29:22.650336500 2005-03-02 22:29:22 [895] i: checking message 
<[EMAIL PROTECTED]@huhmail.com> for geo:1002.
2005-03-02 17:29:26.252961500 2005-03-02 22:29:26 [895] i: identified spam 
(33.3/4.0) for geo:1002 in 4.0 seconds, 2371 bytes.
2005-03-02 17:29:26.252970500 2005-03-02 22:29:26 [895] i: result: Y 33 - 
GEO_BAD_TO,GEO_LIST_TO,HELO_DYNAMIC_IPADDR,MIME_BOUND_DD_DIGITS,RATWARE_RCVD_AT,SARE_HEAD_MIME_PROD,SARE_MSGID_DBL_AT,SARE_RAND_2,SARE_RAND_2W,UNRESOLVED_TEMPLATE,URIBL_SBL,X_MESSAGE_INFO
 scantime=4.0,size=2371,mid=<[EMAIL PROTECTED]@huhmail.com>,autolearn=disabled
## end of current at Wed Mar  2 20: