1032503 – smrsh running perl file that attempts to write or append to a file

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1032503 - smrsh running perl file that attempts to write or append to a file

Summary: smrsh running perl file that attempts to write or append to a file

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	sendmail
Sub Component:
Version:	6.4
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Jaroslav Škarvada
QA Contact:	qe-baseos-daemons
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-11-20 10:13 UTC by anthony.gladdish
Modified:	2015-02-04 11:37 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-02-04 11:37:48 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description anthony.gladdish 2013-11-20 10:13:08 UTC

Description of problem:

Smrsh is receiving mail sent to a specific mail alias, which in turn runs my perl script, but get the error "Unknown mailer error 13" in maillog.
Perl script bombs out when attempting to open a file for writing or appending.
There’s enough disk space and permissions seem adequate.
I suspect it’s a bug.


Version-Release number of selected component (if applicable):

RHEL 6.4
Perl 5.10.1
sendmail 8.14.4.8.el6


How reproducible:

Add aliases to 
#vi /etc/aliases
test_jm_res: "|/etc/smrsh/perl /etc/smrsh/test_jm_res.pl"
#newaliases
#service sendmail restart

Create symbolic links:
#ls -la /etc/smrsh/
lrwxrwxrwx.  1 root root   31 Nov  8 09:44 test_jm_res.pl -> /opt/test_jm_res/test_jm_res.pl
lrwxrwxrwx.  1 root root   13 Oct 24 13:32 perl -> /usr/bin/perl

#ls -la /opt/test_jm_res/
drwxrwxr-x. 2 root mail 4096 Nov  8 10:01 .
drwxr-xr-x. 7 root root 4096 Nov  8 09:33 ..
-rwxr-xr-x. 1 root root  603 Nov  8 10:01 test_jm_res.pl
-rwxrwxrwx. 1 root root    0 Nov  8 09:50 test_jm_res_stderr

Create perl script:
#touch /opt/test_jm_res/test_jm_res.pl

#!/etc/smrsh/perl

use strict;
use warnings;

my $test_jm_res_stderr = '/opt/test_jm_res/test_jm_res_stderr';

# get email response:
my $msg_response;
while (<STDIN>) {
    $msg_response .= $_;
};

# bombing out here:
open (MYFILE2, ">>$test_jm_res_stderr") || die "File does not exist\n";
print MYFILE2 "debug: $@ \n";
close(MYFILE2);


Actual results:

Get the error "stat=unknown mailer error 13" in maillog.


Expected results:

Expect message reponse sent to aliases, to be written to supplied custom log file /opt/test_jm_res/test_jm_res_stderr, but it is empty.


Regards,
Anthony Gladdish

Comment 3 Jaroslav Škarvada 2015-02-04 11:37:48 UTC

Hi,

there are probably two problems blocking your perl script from working as expected:

1. Your script needs write access to /opt/test_jm_res. In default configuration it is run under 'mail' user, so the following should give it write access:
# chown mail /opt/test_jm_res
# chmod u+w /opt/test_jm_res

2. Creating/writing file under /opt triggered by incoming email is potentially dangerous operation which can be result of e.g. successful exploitation of mail server, thus it is blocked by selinux in default configuration. The best and easiest fix is to move the log file to e.g. /var/tmp, or you can create your own selinux rule (module) for it, or (not recommended) disable selinux.

By fixing these two things in the setup, it works correctly, thus closing.

Note You need to log in before you can comment on or make changes to this bug.