From: Jamie C. <jca...@we...> - 2008-10-17 15:53:05
|
On 17/Oct/2008 01:51 Remien, Carsten wrote .. <blockquote type="cite"> <tt>Hello Jamie,<br /> <br /> <br /> Jamie Cameron schrieb:</tt> <blockquote type="cite" cite="mid:122...@we..."> <pre><tt>So if you install Virtualmin from the script linked from <a href="http://www.webmin.com/vinstall.html" class="moz-txt-link-abbreviated">www.webmin.com/vinstall.html</a> , <br />a package containing procmail-wrapper will be installed.</tt></pre> </blockquote> <tt>No I haven't, when I read the first phrase regarding the script...<br /> <br /> ## snip ##<br /> <em>The installer should only be used on systems that are not currently running Webmin or hosting any websites.<br /> </em>## snip ##<br /> </tt></blockquote>Ok, that makes sense then ..<br /><blockquote type="cite"><tt> </tt> <blockquote type="cite" cite="mid:122...@we..."> <pre><tt> If you didn't use this script, you<br />can get it from the RPM at :<br /><br /><a href="http://software.virtualmin.com/gpl/centos/5/i386/procmail-wrapper-1.0-1.vm.i386.rpm" class="moz-txt-link-freetext">http://software.virtualmin.com/gpl/centos/5/i386/procmail-wrapper-1.0-1.vm.i386.rpm</a> </tt></pre> </blockquote> <tt>OK, I have used it for Debian:<br /> <a href="http://software.virtualmin.com/gpl/debian/dists/virtualmin-etch/main/binary-i386/procmail-wrapper_1.0-2_i386.deb" class="moz-txt-link-freetext">http://software.virtualmin.com/gpl/debian/dists/virtualmin-etch/main/binary-i386/procmail-wrapper_1.0-2_i386.deb</a><br /> </tt> <blockquote type="cite" cite="mid:122...@we..."> <pre><tt> and then change that mailbox_command line to : mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME then restart Postfix. </tt></pre> </blockquote> <tt>/bin/done</tt><tt> :-)<br /> <br /> <br /> But the issue is still existing:<br /> <br /> procmail: [17871] Fri Oct 17 10:35:48 2008<br /> procmail: Assigning "TRAP=/etc/webmin/virtual-server/procmail-logger.pl"<br /> procmail: Executing "/etc/webmin/virtual-server/lookup-domain.pl,carsten.web1"<br /> procmail: Assigning "VIRTUALMIN="<br /> Insecure $ENV{PATH} while running with -T switch at /etc/webmin/virtual-server/lookup-domain.pl line 12.<br /> procmail: Program failure (255) of "/etc/webmin/virtual-server/lookup-domain.pl"<br /> procmail: Executing "/usr/bin/test,,!=,"<br /> procmail: Non-zero exitcode (1) from "/usr/bin/test"<br /> procmail: No match on "/usr/bin/test != "<br /> procmail: Assigning "DROPPRIVS=yes"<br /> procmail: Assuming identity of the recipient, VERBOSE=off<br /> <br /> </tt></blockquote><tt>Yes, the really issue is that perl is switching to 'taint' mode, even though it is not being run setuid directly. The procmail-wrapper is supposed to set the real and effective user and group IDs to be the same, which should avoid this automatic switch to taint mode.<br /><br /><br />Could you add the following line to the top of </tt><tt>/etc/webmin/virtual-server/lookup-domain.pl , just after the #! line? It will write to the procmail.log a line showing which IDs Perl is really running as :<br /><br />print STDERR "<=$< >=$> (=$( )=$)\n";<br /><br />and then repeat the same line near the bottom of the script, just before the call to the exec function. Then let us know what appears in procmail.log when email arrives.<br /><br /> - Jamie<br /><br /></tt> |