Bug 145561 - httpd, by default, does not send email using perl scripts?
httpd, by default, does not send email using perl scripts?
Product: Fedora
Classification: Fedora
Component: policy (Show other bugs)
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Russell Coker
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2005-01-19 14:05 EST by Sol
Modified: 2007-11-30 17:10 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-09-05 03:39:03 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Sol 2005-01-19 14:05:54 EST
Description of problem:
With the default installation of Fedora fc3 [with all updates], the 
webserver daemon httpd cannot send emails using perl scripts. 
Shouldn't httpd be allowed by default to send emails using perl 
scripts? The following errors are reported in the log files:

[Wed Jan 19 10:23:28 2005] [error] [client] Program mode 
requires special privileges, e.g., root or TrustedUser.

Jan 19 10:28:16 bugzilla kernel: audit(1106159296.344:0): avc:  
denied  { search } for  pid=6250 exe=/usr/sbin/sendmail.sendmail 
name=spool dev=md0 ino=24707108 
tcontext=system_u:object_r:var_spool_t tclass=dir
Jan 19 10:28:16 bugzilla kernel: audit(1106159296.344:0): avc:  
denied  { create } for  pid=6250 exe=/usr/sbin/sendmail.sendmail 
tcontext=user_u:system_r:httpd_sys_script_t tclass=unix_dgram_socket

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
The webserver is set to execute perl scripts for the virtual host as 
reported in /etc/httpd/conf/httpd.conf
<Directory /var/www/example.com/html>
	Options +FollowSymLinks +Indexes +Includes +ExecCGI
	# Other configuration parameters


Sample perl script to send email similar to that of bugzilla
[root@bugzilla bugzilla] cat /var/www/example.com/html/test.cgi
#!/usr/bin/perl -w

$message = "From: bugzilla-admin-daemon\nTo: 
user\@example.com\nSubject:  Bugzilla Change Password Request\n\nYou 
(or someone impersonating you) has requested to change your 
Bugzilla\npassword.  To change your password, visit the following 
link:\nEnd of email.\n\n";

print "Content-Type: text/html; charset=ISO-8859-1\n\n";
print "------------------------------------------\n";

open SENDMAIL, "|/usr/lib/sendmail -t -i";
print SENDMAIL $message;

print "------------------------------------------\n";
print "Mail Sent\n";

[root@bugzilla bugzilla]# ls -Z test.cgi
-rwxr-x---  root     apache   

webserver output as reported by the browser
can not chdir(/var/spool/clientmqueue/): Permission denied
Mail Sent

Actual results:
The webserver executes the perl scripts and silently ignores sending 
the email.

Expected results:
WebServer daemon httpd running with regular user "apache" should be 
able to send emails using perl scripts?

Additional info:
Comment 1 Daniel Walsh 2005-01-19 16:53:36 EST
Newer policy should handle this, You may need to relabel 
sendmail though.

Update policy and then
rpm -q -l sendmail | restorecon -R -v -f -

Note You need to log in before you can comment on or make changes to this bug.