Roderick Schertler <roderick(_at_)argon(_dot_)org> wrote:
On Fri, 18 Apr 1997 18:43:34 -0500, Philip Guenther
<guenther(_at_)gac(_dot_)edu> said:
After staring at it and running it under gdb to make sure, I'll agree
that with a [775] spool dir, procmail fails to use it group mail
privileges to create a lockfile, if, but only if, you have kernel
locking methods compiled in.
I looked at that code a half dozen times without noticing that, I was
reading right through the "#ifndef fdlock". Thanks.
Procmail will instead use them, and thus mailboxes may still avoid
corruption that way. However you got me why procmail doesn't take a
stab at setgid'ing and attempting the lock. You'll have to ask
Stephen.
Stephen is getting senile, apparently. In a vain attempt to finally
fix this silly mess about fallback kernel-locks for "impossible"
dotlocks, I managed to mess it up yet again.
So, I think the following HISTORY file entry should finally become
reality after applying the patch included at the bottom of this mail
(to v3.11pre7, which has just been released):
- Finally fixed this mess with transparent backup to kernel
locking methods when the spool directory is not writable
moment. Right at the top of procmail.c it says that it's happy to run
setgid mail with a non-world-writable mail spool, it doesn't make sense
to pretend this isn't the case just because the kernel supports locking.
I think for my purposes I'm just going to tell procmail not to use
kernel locking, I don't think it buys anything over sentinel file
locking for this application anyway.
True.
Index: locking.c
===================================================================
RCS file: /var/lib/cvs/procmail/src/locking.c,v
retrieving revision 1.47
diff -u -r1.47 locking.c
--- locking.c 1997/04/03 01:58:44 1.47
+++ locking.c 1997/04/28 10:42:43
@@ -29,14 +29,14 @@
return;
if(!strcmp(name,defdeflock)) /* is it the system mailbox lockfile? */
{ locktype=doCHECK|doLOCK;
+ if(sgid!=gid&&setegid(sgid)) /* try and get some extra permissions */
#ifndef fdlock
- if(!accspooldir)
- { yell("Bypassed locking",name);
- return;
- }
- else
+ if(!accspooldir)
+ { yell("Bypassed locking",name);
+ return;
+ }
#endif
- setegid(sgid); /* try and get some extra permissions */
+ ;
}
name=tstrdup(name); /* allocate now, so we won't hang on memory *and* lock */
for(lcking|=lck_LOCKFILE;;)
--
Sincerely,
srb(_at_)cuci(_dot_)nl
Stephen R. van den Berg (AKA BuGless).
WARNING: Do not look into laser with remaining eye