From: Bu X. <bus...@gm...> - 2013-06-27 07:58:35
On 2013-6-27 15:50, Paul Lesniewski wrote:
> On Thu, Jun 27, 2013 at 12:36 AM, Bu Xiaobing <bus...@gm...> wrote:
>> On 2013-6-27 15:14, Paul Lesniewski wrote:
>>> On Thu, Jun 27, 2013 at 12:09 AM, Bu Xiaobing <bus...@gm...> wrote:
>>>> On 2013-6-25 7:14, Paul Lesniewski wrote:
>>>>>> I think the problem with setgroups(0, NULL): Operation not permitted has
>>>>>> been resolved.
>>>>>
>>>>> If you don't say *how* -- explain carefully what you changed, what
>>>>> your current settings are, then you leave us to guess. This is
>>>>> frustrating and you are less likely to receive any help this way.
>>>>>
>>>>>> At the first time I set
>>>>>> 'SUID_LOCATION' => array('VALUE' =>
>>>>>> '/var/www/html/webmail/plugins/server_settings_backend/suid_backend/squirrelmail_server_settings_suid_backend'),
>>>>>>
>>>>>> I find that /var/www/html/webmail/plugins/server_settings_backend also has
>>>>>> a squirrelmail_server_settings_suid_backend, and the file permission is
>>>>>> -rwsr-xr-x.
>>>>>>
>>>>>> So I change the SUID_LOCATION value to
>>>>>> /var/www/html/webmail/plugins/server_settings_backend/squirrelmail_server_settings_suid_backend
>>>>>
>>>>> The only examples I can find point to the server_settings_backend
>>>>> directory. The copy of the suid_wrapper in the suid_backend directory
>>>>> shouldn't be used in your configuration. (I believe this is your
>>>>> oversight, unless you can point out where there was a misleading
>>>>> example.)
>>>>>
>>>>>> But I get another error "Remote file name cannot contain "/"" in the
>>>>>> /var/log/httpd/error_log.
>>>>>
>>>>> This is good in general. If you really need directory traversal
>>>>> (why?), read the docs on how to compile the suid wrapper. And once
>>>>> again, READ THE DOCS **BEFORE** you ask for help.
>>>>>
>>>>>> And if I set "$ssf_debug_server_settings_backend = 1" in the
>>>>>> server_side_filters/config.php, and after I click "Options->Message Filters"
>>>>>> on the web browser, the web page only displays the following message:
>>>>>>
>>>>>> Unable to retrieve file from command
>>>>>> "/var/www/html/webmail/plugins/server_settings_backend/squirrelmail_server_settings_suid_backend
>>>>>> 'localhost' 'buxiaobing' 'get_file' '/home/buxiaobing/.mailfiter'
>>>>>> '/var/local/squirrelmail/attach/xo4HqZ6WpSq6iUazfx1TLAmw3SEg6p9D'"
>>>>>>
>>>>>> I can't understand why it will retrieve the
>>>>>> /var/local/squirrelmail/attach/xo4HqZ6WpSq6iUazfx1TLAmw3SEg6p9D file, and
>>>>>> this file does not exist.
>>>>>>
>>>>>>
>>>>>> Bu Xiaobing
>>>>>
>>>>>
>>>>>
>>>>
>>>> Thanks for your help. I read the server_settings_backend/docs/SUID_BACKEND_ERRORS
>>>> and find the problems and it works now!
>>>
>>> Thanks for reading the docs. I'd just caution you again *against*
>>> allowing directory traversal. There is no reason you should need that
>>> and it is less secure.
>>>
>>
>> Do you mean I should not use SUID backend?
>
> I never said such a thing.
>
>> For now, I need SUID to save a kickoff file .forward
>> which contains "|exec /usr/bin/procmail || exit 75" at /home/USER,
>
> Let the wrapper obtain the user home directory. The SquirrelMail side
> (the filters plugin) should only pass the name of the file (.forward)
> and no path information.
>
>> So I can invoke procmail to do filter. And I compiled SUID
>> with --enable-auth=imap to do authentication.
>
>
I think I do as you suggest. The following is my server_side_filters/config.php:

$filtering_kickoff_file = array(
    'BACKEND' => 'local_file',
    'ACCESS_TYPE' => array('VALUE' => 'SUID'),
    'SUID_LOCATION' => array('VALUE' => '/var/www/html/webmail/plugins/server_settings_backend/squirrelmail_server_settings_suid_backend'),
    'FILE' => array('VALUE' => '.forward'),
    'PARSE_PATTERN' => array('VALUE' => '#^(\"\|exec /usr/bin/procmail \|\| exit 75\")$#m'),
    'NEW_SETTING_TEMPLATE' => array('VALUE' => "\"|exec /usr/bin/procmail || exit 75\"\n"),
    'PATTERN_GROUP_NUMBER' => array('VALUE' => 1),
    'MAX_SEQUENTIAL_EMPTY_LINES' => 3,
    'TREAT_AS_EMPTY_WHEN_NOT_FOUND' => array('VALUE' => 1),
    // un-comment the following to add to the top of existing files
    //'ADD_TO_TOP' => array('VALUE' => 1),
);

Bu Xiaobing