Ubuntu
spamassassin package

Bug #1373560
Comment #5

Comment 5 for bug 1373560

Revision history for this message

Roger Cornelius (rac-3) wrote on 2014-09-26: Re: [Bug 1373560] Re: /etc/cron.daily/spamassassin calls sa-update with potentially incorrect umask

On 09/26/2014 08:21, Robie Basak wrote:
> > In my opinion, amavis's ability to read the ruleset created by sa-update
> should not rely on the default umask being in effect when sa-update was
> run.
>
> Agreed. I just wanted to understand the proportion of users who might be
> affected.
>
> This needs to be investigated in Debian.

Thank you. I don't know if it's relevant, but this problem was not
present on 12.04LTS and only appeared after I upgraded to 14.04LTS.

If I can do anything else to help, let me know.

Roger

>
> ** Changed in: spamassassin (Ubuntu)
> Importance: Undecided => Medium
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1373560
>
> Title:
> /etc/cron.daily/spamassassin calls sa-update with potentially
> incorrect umask
>
> Status in ???spamassassin??? package in Ubuntu:
> New
>
> Bug description:
> ubuntu 14.04.1 LTS
> Packages:
> spamassassin (3.4.0-1ubuntu1)
> amavisd-new (1:2.7.1-2ubuntu3)
>
> This report has to do with a problem between the interaction of the
> spamassassin and amavisd-new packages, but the problem is with
> /etc/cron.daily/spamassassin.
>
> /etc/cron.daily/spamassassin executes the following line:
>
> su - debian-spamd -c "sa-update --gpghomedir /var/lib/spamassassin/sa-
> update-keys"
>
> Since su is invoked with the "-" option, sa-update executes with the
> default umask of user debian-spamd. In my case that is 007, causing
> the updated rules , i.e.
> /var/lib/spamassassin/3.004000/updates_spamassassin_org.cf and
> /var/lib/spamassassin/3.004000/updates_spamassassin_org/*, to be
> created with no read access for "other". When amavis is restarted, it
> is unable to read the spamassassin rules, and consequently
> spamassassin rule checks are not performed on received mail.
>
> It appears someone attempted to correct this by adding the line:
>
> umask 022
>
> immediately above the call to su mentioned above. This in ineffectual
> however due to su being called with "-". A fix is to change the above
> su call to this line:
>
> su - debian-spamd -c "umask 022; sa-update --gpghomedir
> /var/lib/spamassassin/sa-update-keys"
>
> A file with the output of 'ubuntu-bug --save=/tmp/sa-bug spamassassin'
> is attached.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/spamassassin/+bug/1373560/+subscriptions
>

On 09/26/2014 08:21, Robie Basak wrote:
> > In my opinion, amavis's ability to read the ruleset created by sa-update
> should not rely on the default umask being in effect when sa-update was
> run.
> 
> Agreed. I just wanted to understand the proportion of users who might be
> affected.
> 
> This needs to be investigated in Debian.

Thank you.  I don't know if it's relevant, but this problem was not
present on 12.04LTS and only appeared after I upgraded to 14.04LTS.

If I can do anything else to help, let me know.

Roger

> 
> ** Changed in: spamassassin (Ubuntu)
>    Importance: Undecided => Medium
> 
> -- 
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1373560
> 
> Title:
>   /etc/cron.daily/spamassassin calls sa-update with potentially
>   incorrect umask
> 
> Status in ???spamassassin??? package in Ubuntu:
>   New
> 
> Bug description:
>   ubuntu 14.04.1 LTS 
>   Packages:
>   spamassassin (3.4.0-1ubuntu1)
>   amavisd-new (1:2.7.1-2ubuntu3)
> 
>   This report has to do with a problem between the interaction of the
>   spamassassin and amavisd-new packages, but the problem is with
>   /etc/cron.daily/spamassassin.
> 
>   /etc/cron.daily/spamassassin executes the following line:
> 
>   su - debian-spamd -c "sa-update --gpghomedir /var/lib/spamassassin/sa-
>   update-keys"
> 
>   Since su is invoked with the "-" option, sa-update executes with the
>   default umask of user debian-spamd.  In my case that is 007, causing
>   the updated rules , i.e.
>   /var/lib/spamassassin/3.004000/updates_spamassassin_org.cf and
>   /var/lib/spamassassin/3.004000/updates_spamassassin_org/*, to be
>   created with no read access for "other".  When amavis is restarted, it
>   is unable to read the spamassassin rules, and consequently
>   spamassassin rule checks are not performed on received mail.
> 
>   It appears someone attempted to correct this by adding the line:
> 
>   umask 022
> 
>   immediately above the call to su mentioned above.  This in ineffectual
>   however due to su being called with "-".  A fix is to change the above
>   su call to this line:
> 
>   su - debian-spamd -c "umask 022; sa-update --gpghomedir
>   /var/lib/spamassassin/sa-update-keys"
> 
>   A file with the output of 'ubuntu-bug --save=/tmp/sa-bug spamassassin'
>   is attached.
> 
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/spamassassin/+bug/1373560/+subscriptions
>

Ubuntuspamassassin package

Comment 5 for bug 1373560

Ubuntu
spamassassin package