git-svn: trunk@3174
Nigel Horne authored on 2007/08/19 01:12:27... | ... |
@@ -1,3 +1,7 @@ |
1 |
+Sat Aug 18 16:12:51 BST 2007 (njh) |
|
2 |
+---------------------------------- |
|
3 |
+ * clamav-milter: Black-hole-mode no longer needs to be run as root |
|
4 |
+ |
|
1 | 5 |
Sat Aug 18 13:25:52 BST 2007 (njh) |
2 | 6 |
---------------------------------- |
3 | 7 |
* libclamav/pdf.c: Bug 618, --block-max not always honoured |
... | ... |
@@ -33,7 +33,7 @@ |
33 | 33 |
*/ |
34 | 34 |
static char const rcsid[] = "$Id: clamav-milter.c,v 1.312 2007/02/12 22:24:21 njh Exp $"; |
35 | 35 |
|
36 |
-#define CM_VERSION "devel-130807" |
|
36 |
+#define CM_VERSION "devel-180807" |
|
37 | 37 |
|
38 | 38 |
#if HAVE_CONFIG_H |
39 | 39 |
#include "clamav-config.h" |
... | ... |
@@ -1176,12 +1176,6 @@ main(int argc, char **argv) |
1176 | 1176 |
#endif |
1177 | 1177 |
} |
1178 | 1178 |
|
1179 |
- if(black_hole_mode && (user->pw_uid != 0)) { |
|
1180 |
- fprintf(stderr, _("%s: You cannot use black hole mode unless you are root\n"), |
|
1181 |
- argv[0]); |
|
1182 |
- return EX_CONFIG; |
|
1183 |
- } |
|
1184 |
- |
|
1185 | 1179 |
setgid(user->pw_gid); |
1186 | 1180 |
|
1187 | 1181 |
if(setuid(user->pw_uid) < 0) |
... | ... |
@@ -1190,9 +1184,52 @@ main(int argc, char **argv) |
1190 | 1190 |
cli_dbgmsg(_("Running as user %s (UID %d, GID %d)\n"), |
1191 | 1191 |
cpt->strarg, (int)user->pw_uid, |
1192 | 1192 |
(int)user->pw_gid); |
1193 |
- } else if(!black_hole_mode) |
|
1194 |
- fprintf(stderr, _("%s: running as root is not recommended (check \"User\" in %s)\n"), argv[0], cfgfile); |
|
1195 | 1193 |
|
1194 |
+ if(black_hole_mode && (user->pw_uid != 0)) { |
|
1195 |
+ int are_trusted; |
|
1196 |
+ FILE *sendmail; |
|
1197 |
+ char cmd[128]; |
|
1198 |
+ |
|
1199 |
+ /* |
|
1200 |
+ * Determine if we're a "trusted user" |
|
1201 |
+ */ |
|
1202 |
+ snprintf(cmd, sizeof(cmd) - 1, "%s -bv root</dev/null 2>&1", |
|
1203 |
+ SENDMAIL_BIN); |
|
1204 |
+ |
|
1205 |
+ sendmail = popen(cmd, "r"); |
|
1206 |
+ |
|
1207 |
+ if(sendmail == NULL) { |
|
1208 |
+ perror(SENDMAIL_BIN); |
|
1209 |
+ are_trusted = 0; |
|
1210 |
+ } else { |
|
1211 |
+ char buf[BUFSIZ]; |
|
1212 |
+ |
|
1213 |
+ while(fgets(buf, sizeof(buf), sendmail) != NULL) |
|
1214 |
+ ; |
|
1215 |
+ switch(WEXITSTATUS(pclose(sendmail))) { |
|
1216 |
+ case EX_NOUSER: |
|
1217 |
+ /* |
|
1218 |
+ * No root? But at least |
|
1219 |
+ * we're trusted enough |
|
1220 |
+ * to find out! |
|
1221 |
+ */ |
|
1222 |
+ are_trusted = 1; |
|
1223 |
+ break; |
|
1224 |
+ default: |
|
1225 |
+ are_trusted = 0; |
|
1226 |
+ break; |
|
1227 |
+ case EX_OK: |
|
1228 |
+ are_trusted = 1; |
|
1229 |
+ } |
|
1230 |
+ } |
|
1231 |
+ if(!are_trusted) { |
|
1232 |
+ fprintf(stderr, _("%s: You cannot use black hole mode unless you are a TrustedUser\n"), |
|
1233 |
+ argv[0]); |
|
1234 |
+ return EX_CONFIG; |
|
1235 |
+ } |
|
1236 |
+ } |
|
1237 |
+ } else |
|
1238 |
+ logg(_("^%s: running as root is not recommended (check \"User\" in %s)\n"), argv[0], cfgfile); |
|
1196 | 1239 |
} else if(iface) { |
1197 | 1240 |
fprintf(stderr, _("%s: Only root can set an interface for --broadcast\n"), argv[0]); |
1198 | 1241 |
return EX_USAGE; |
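Review bot: The new TrustedUser probe can fail open, because `WEXITSTATUS(pclose(sendmail))` is evaluated without checking for `-1` or `WIFEXITED`. If the child is terminated by a signal, the extracted exit byte is typically 0, which matches `case EX_OK` and sets `are_trusted = 1`. Keep the status and test it first: `int status = pclose(sendmail);` then `are_trusted = (status != -1) && WIFEXITED(status) && (WEXITSTATUS(status) == EX_OK || WEXITSTATUS(status) == EX_NOUSER);`. The `snprintf(cmd, sizeof(cmd) - 1, …)` call also ignores truncation, so comparing its return value with `sizeof(cmd)` would stop a cut-off command from being run when `SENDMAIL_BIN` is long. The enclosing branch of main() starts and ends outside the hunk.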
... | ... |
@@ -2927,6 +2964,9 @@ clamfi_envrcpt(SMFICTX *ctx, char **argv) |
2927 | 2927 |
smfi_setreply(ctx, "554", "5.7.1", _("Suspicious recipient address blocked")); |
2928 | 2928 |
logg("^Suspicious recipient address blocked: '%s'", to); |
2929 | 2929 |
privdata->to[privdata->numTo] = NULL; |
2930 |
+ /* |
|
2931 |
+ * REJECT rejects this recipient, not the entire email |
|
2932 |
+ */ |
|
2930 | 2933 |
return SMFIS_REJECT; |
2931 | 2934 |
} |
2932 | 2935 |
|
... | ... |
@@ -6365,10 +6405,10 @@ black_hole(const struct privdata *privdata) |
6365 | 6365 |
must_scan = (*to) ? 0 : 1; |
6366 | 6366 |
|
6367 | 6367 |
for(; *to; to++) { |
6368 |
- char cmd[128]; |
|
6369 | 6368 |
FILE *sendmail; |
6369 |
+ char cmd[128]; |
|
6370 | 6370 |
|
6371 |
- snprintf(cmd, sizeof(cmd) - 1, "%s -bv \"%s\" < /dev/null 2>&1", |
|
6371 |
+ snprintf(cmd, sizeof(cmd) - 1, "%s -bv \"%s\"</dev/null 2>&1", |
|
6372 | 6372 |
SENDMAIL_BIN, *to); |
6373 | 6373 |
|
6374 | 6374 |
cli_dbgmsg("Calling %s\n", cmd); |
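Review bot: The envelope recipient `*to` is still formatted into a double-quoted command string, which is presumably passed to popen() below the hunk as in the main() probe, so a shell parses the address. The only filtering visible on this page is the "Suspicious recipient address blocked" branch in clamfi_envrcpt, and what it matches is not shown, so this lookup is only as safe as that filter is complete. Passing the address as its own argv element through fork()/execl() takes the shell out of the path and also avoids the silent truncation of long recipients in `cmd[128]`. black_hole() starts and ends outside the hunk, so the later read loop and pclose() would need the matching fclose()/waitpid() change.
```c
	for(; *to; to++) {
		FILE *sendmail;
		int fds[2];
		pid_t pid;

		if(pipe(fds) < 0) {
			/* … handle like the existing popen() failure … */
		}
		pid = fork();
		if(pid == 0) {
			/* child: no shell, so *to stays a single argument */
			int devnull = open("/dev/null", O_RDONLY);

			close(fds[0]);
			if(devnull >= 0)
				dup2(devnull, STDIN_FILENO);
			dup2(fds[1], STDOUT_FILENO);
			dup2(fds[1], STDERR_FILENO);
			/* "--" ends option parsing so an address starting with '-' is not read as a flag */
			execl(SENDMAIL_BIN, SENDMAIL_BIN, "-bv", "--", *to, (char *)NULL);
			_exit(EX_OSERR);
		}
		close(fds[1]);
		/* … pid < 0: handle like the existing popen() failure … */
		sendmail = fdopen(fds[0], "r");
		/* … unchanged: parse sendmail's output; then fclose() and waitpid(pid, …) in place of pclose() … */
```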
... | ... |
@@ -298,12 +298,16 @@ Since \fIsendmail\fR calls its milters before it looks in its alias and virtuser |
298 | 298 |
tables, clamav-milter can spend time looking for malware that's going to be |
299 | 299 |
thrown away even if the message is clean. |
300 | 300 |
.IP |
301 |
-Enable this to not scan these messages (in practice clamav\-milter will discard |
|
301 |
+Enabling this stops these messages from being scanned |
|
302 |
+(in practice clamav\-milter will discard |
|
302 | 303 |
these messages so the message doesn't go further down the milter call chain). |
303 | 304 |
.IP |
304 |
-Sadly, these days sendmail \-bv only works as root, |
|
305 |
-so this option is not compatible with the User directive in clamd.conf, |
|
306 |
-which some may view as a security risk. |
|
305 |
+To enable this mode clamav-milter must have certain sendmail rights: |
|
306 |
+it needs to run as a TrustedUser as defined by \fIsendmail\fR |
|
307 |
+(see http://www.sendmail.org/m4/tweaking_config.html) |
|
308 |
+by the use of the User directive in clamd.conf, |
|
309 |
+the clamav user must be able read the mail queue (often /var/spool/mqueue), |
|
310 |
+and AllowSupplementaryGroups must be enabled in clamd.conf. |
|
307 | 311 |
Only enable this if your site has many addresses aliased to /dev/null. |
308 | 312 |
.SH "BUGS" |
309 | 313 |
There is no support for IPv6. |
... | ... |
@@ -315,4 +319,4 @@ clamav\-milter \-o local:/var/run/clamav/clmilter.sock |
315 | 315 |
Nigel Horne <njh@bandsman.co.uk> |
316 | 316 |
.SH "SEE ALSO" |
317 | 317 |
.LP |
318 |
-sendmail(1), clamd(8), clamscan(1), freshclam(1), sigtool(1), clamd.conf(5), hosts_access(5) |
|
318 |
+clamd(8), clamscan(1), freshclam(1), sigtool(1), clamd.conf(5), hosts_access(5), sendmail(8) |