The good old "permission denied", the ignored group memberships, and a proposed solution

Henrik K hege at hege.li
Sun May 16 17:57:49 CEST 2021


On Sun, May 16, 2021 at 05:32:18PM +0200, Luc Pardon wrote:
> > 
> > Just copy code from SpamAssassin for example, it's worked for a
> > decade everywhere:
> 
> One would think that a decade would be plenty of time to get it copied
> over into amavisd <g>.
> 
> Seriously, thanks for the pointer. It makes interesting reading for
> somebody like me who is not a native Perl speaker.

Well, old lazy code is also a bad thing.  I already noticed there's suspect
matching, $members =~ /\b$user\b/ might falsely match group names containing
underscores (it's a word boundary..).  Fixed it to be more strict..

> > 
> > https://metacpan.org/release/Mail-SpamAssassin/source/lib/Mail/SpamAssassin/Util.pm
> > 
> > Have a look at get_user_groups() and setuid_to_euid() which sets $) /
> > $supgs.
> 
> The major problem that I have with assigning to $) is Perl bug RT
> #134169 :
> 
>     https://rt-archive.perl.org/perl5/Ticket/Display.html?id=134169

Thanks for the pointer, I'll see if something should be enhanced in SA.  The
codebase is already full of silly perl bug workarounds..



More information about the amavis-users mailing list