Bug 145561 - httpd, by default, does not send email using perl scripts?
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: policy
Version: 3
Hardware: i686 Linux
Priority: medium Severity: medium
Assigned To: Russell Coker
QA Contact: Ben Levenson
Reported: 2005-01-19 14:05 EST by Sol
Modified: 2007-11-30 17:10 EST (History)
Last Closed: 2005-09-05 03:39:03 EDT
Description Sol 2005-01-19 14:05:54 EST
Description of problem:
With the default installation of Fedora fc3 [with all updates], the 
webserver daemon httpd cannot send emails using perl scripts. 
Shouldn't httpd be allowed by default to send emails using perl 
scripts? The following errors are reported in the log files:

/var/log/httpd/error_log
[Wed Jan 19 10:23:28 2005] [error] [client 192.168.1.3] Program mode requires special privileges, e.g., root or TrustedUser.

/var/log/messages
Jan 19 10:28:16 bugzilla kernel: audit(1106159296.344:0): avc:  denied  { search } for  pid=6250 exe=/usr/sbin/sendmail.sendmail name=spool dev=md0 ino=24707108 scontext=user_u:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_spool_t tclass=dir
Jan 19 10:28:16 bugzilla kernel: audit(1106159296.344:0): avc:  denied  { create } for  pid=6250 exe=/usr/sbin/sendmail.sendmail scontext=user_u:system_r:httpd_sys_script_t tcontext=user_u:system_r:httpd_sys_script_t tclass=unix_dgram_socket


~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
Version-Release number of selected component (if applicable):
kernel-smp-2.6.10-1.741_FC3
selinux-policy-targeted-1.17.30-2.72
sendmail-8.13.1-2
httpd-2.0.52-3.1
perl-5.8.5-9


~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
How reproducible:
Every time


~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
Steps to Reproduce:
The webserver is set to execute perl scripts for the virtual host as 
reported in /etc/httpd/conf/httpd.conf
<Directory /var/www/example.com/html>
	Options +FollowSymLinks +Indexes +Includes +ExecCGI
	# Other configuration parameters

</Directory>

Sample perl script to send email similar to that of bugzilla
[root@bugzilla bugzilla]# cat /var/www/example.com/html/test.cgi
#!/usr/bin/perl -w

# Complete message, headers first; sendmail -t takes the recipients from the To: header.
$message = "From: bugzilla-admin-daemon\nTo: user\@example.com\nSubject:  Bugzilla Change Password Request\n\nYou (or someone impersonating you) has requested to change your Bugzilla\npassword.  To change your password, visit the following link:\nEnd of email.\n\n";

print "Content-Type: text/html; charset=ISO-8859-1\n\n";
print "------------------------------------------\n";

open SENDMAIL, "|/usr/lib/sendmail -t -i";
print SENDMAIL $message;
close SENDMAIL;

print "------------------------------------------\n";
print "Mail Sent\n";


[root@bugzilla bugzilla]# ls -Z test.cgi
-rwxr-x---  root     apache   system_u:object_r:httpd_sys_content_test.cgi


webserver output as reported by the browser
------------------------------------------
can not chdir(/var/spool/clientmqueue/): Permission denied
------------------------------------------
Mail Sent


~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~  
Actual results:
The webserver executes the perl scripts and silently ignores sending 
the email.


~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
Expected results:
WebServer daemon httpd running with regular user "apache" should be 
able to send emails using perl scripts?


~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
Additional info:
Comment 1 Daniel Walsh 2005-01-19 16:53:36 EST
Newer policy should handle this. You may need to relabel 
sendmail, though.

Update policy and then
rpm -q -l sendmail | restorecon -R -v -f -
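
For triage, the two AVC denials quoted in the description can be reduced to which domain was denied which permission on which object type and class. The Python below is an added example, not part of the original report or of any SELinux tool; the function names are hypothetical and the sample input is the page's two /var/log/messages lines, each rejoined onto one line.

```python
import re
from collections import defaultdict

# The two denials quoted in the description, each rejoined onto one line.
SAMPLE_LOG = """\
Jan 19 10:28:16 bugzilla kernel: audit(1106159296.344:0): avc:  denied  { search } for  pid=6250 exe=/usr/sbin/sendmail.sendmail name=spool dev=md0 ino=24707108 scontext=user_u:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_spool_t tclass=dir
Jan 19 10:28:16 bugzilla kernel: audit(1106159296.344:0): avc:  denied  { create } for  pid=6250 exe=/usr/sbin/sendmail.sendmail scontext=user_u:system_r:httpd_sys_script_t tcontext=user_u:system_r:httpd_sys_script_t tclass=unix_dgram_socket
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")


def selinux_type(context):
    """Return the type field of a user:role:type[:range] context, or None."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Parse one kernel AVC denial line into a dict; None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    src = selinux_type(fields.get("scontext", ""))
    tgt = selinux_type(fields.get("tcontext", ""))
    if not (src and tgt and "tclass" in fields):
        return None  # truncated record: not enough to identify the denied access
    return {"perms": m.group("perms").split(), "exe": fields.get("exe"),
            "source": src, "target": tgt, "tclass": fields["tclass"]}


def summarize(log_text):
    """Merge denied permissions per (source type, target type, class, exe)."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (rec["source"], rec["target"], rec["tclass"], rec["exe"])
            merged[key].update(rec["perms"])
    return {key: sorted(perms) for key, perms in merged.items()}


if __name__ == "__main__":
    for (src, tgt, cls, exe), perms in summarize(SAMPLE_LOG).items():
        print(f"{exe} running as {src}: denied {{ {' '.join(perms)} }} on {tgt}:{cls}")
```

Both records show /usr/sbin/sendmail.sendmail still running in httpd_sys_script_t, the CGI script's domain, when it was denied access to the spool directory and to its own datagram socket.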
