Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 6 Nov 2005 14:25:38 +0300
From: Solar Designer <solar@...nwall.com>
To: bug@...cmail.org
Cc: xvendor@...ts.openwall.com
Subject: procmail mailbox truncation bug

Hi,

There's a really nasty bug in procmail, both 3.15.2 and 3.22 are affected.

The bug is basically that procmail, when running into a disk quota or a
full partition, would truncate the mailbox file back to its prior size
_after_ releasing the lock.  This has resulted in numerous mailbox
corruptions on a mail server I co-administer and a week ago I managed to
reproduce this on purpose (with several instances of procmail being the
only software accessing the mailbox).  After my fix, I am no longer
able to reproduce this and there have been no further mailbox corruptions
during this week, so the fix appears to work.

The patch can be found in our CVSweb:

http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/procmail/

It's procmail-3.22-owl-truncate.diff

No, it's not dirty, it just follows procmail's original coding style.
No added gotos, sorry.

The official fix might need to be slightly different to not rely on
ftruncate().

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Powered by blists - more mailing lists

Your e-mail address:

Please check out the xvendor mailing list charter.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ