[Bug 1373560] Re: /etc/cron.daily/spamassassin calls sa-update with potentially incorrect umask

Roger Cornelius rac at tenzing.org
Fri Sep 26 23:06:09 UTC 2014 

On 09/26/2014 08:21, Robie Basak wrote:
> > In my opinion, amavis's ability to read the ruleset created by sa-update
> should not rely on the default umask being in effect when sa-update was
> run.
> 
> Agreed. I just wanted to understand the proportion of users who might be
> affected.
> 
> This needs to be investigated in Debian.


Thank you.  I don't know if it's relevant, but this problem was not
present on 12.04LTS and only appeared after I upgraded to 14.04LTS.

If I can do anything else to help, let me know.

Roger


> 
> ** Changed in: spamassassin (Ubuntu)
>    Importance: Undecided => Medium
> 
> -- 
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1373560
> 
> Title:
>   /etc/cron.daily/spamassassin calls sa-update with potentially
>   incorrect umask
> 
> Status in ???spamassassin??? package in Ubuntu:
>   New
> 
> Bug description:
>   ubuntu 14.04.1 LTS 
>   Packages:
>   spamassassin (3.4.0-1ubuntu1)
>   amavisd-new (1:2.7.1-2ubuntu3)
> 
>   This report has to do with a problem between the interaction of the
>   spamassassin and amavisd-new packages, but the problem is with
>   /etc/cron.daily/spamassassin.
> 
>   /etc/cron.daily/spamassassin executes the following line:
> 
>   su - debian-spamd -c "sa-update --gpghomedir /var/lib/spamassassin/sa-
>   update-keys"
> 
>   Since su is invoked with the "-" option, sa-update executes with the
>   default umask of user debian-spamd.  In my case that is 007, causing
>   the updated rules , i.e.
>   /var/lib/spamassassin/3.004000/updates_spamassassin_org.cf and
>   /var/lib/spamassassin/3.004000/updates_spamassassin_org/*, to be
>   created with no read access for "other".  When amavis is restarted, it
>   is unable to read the spamassassin rules, and consequently
>   spamassassin rule checks are not performed on received mail.
> 
>   It appears someone attempted to correct this by adding the line:
> 
>   umask 022
> 
>   immediately above the call to su mentioned above.  This in ineffectual
>   however due to su being called with "-".  A fix is to change the above
>   su call to this line:
> 
>   su - debian-spamd -c "umask 022; sa-update --gpghomedir
>   /var/lib/spamassassin/sa-update-keys"
> 
>   A file with the output of 'ubuntu-bug --save=/tmp/sa-bug spamassassin'
>   is attached.
> 
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/spamassassin/+bug/1373560/+subscriptions
>

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to spamassassin in Ubuntu.
https://bugs.launchpad.net/bugs/1373560

Title:
  /etc/cron.daily/spamassassin calls sa-update with potentially
  incorrect umask

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/spamassassin/+bug/1373560/+subscriptions

More information about the Ubuntu-server-bugs mailing list