Re: [2.6.25-rc5-mm1] regression: cannot run Postfix sendmail commandas non-root

From: Tilman Schmidt
Date: Mon Mar 17 2008 - 09:36:47 EST


Benjamin Thery schrieb:
While googling for the error string, I found this link which report
the same kind of
error when Postfix is used with grsecurity (in 2006):

http://blog.jensthebrain.de/archives/2006/12/11/IPv6-Probleme-mit-Postfix-und-grsecurity

I barely understand German so I'm not sure it is related to your problem.

The userspace failure described there is indeed the same as mine:
Postfix' sendmail command tries to open "/proc/net/if_inet6"
which fails with EACCES.

But I have never installed grsecurity on this machine, and the
problem appeared for me only with kernel 2.6.25-rc5-mm1, not when
running kernel 2.6.25-rc5 on the same machine, so I guess the
cause must be something different.

What's also strange is that I can "cat /proc/net/if_inet6" from
the command line as the same non-root user with no problem at all.
strace of "cat /proc/net/if_inet6" has:

open("/proc/net/if_inet6", O_RDONLY|O_LARGEFILE) = 3

strace of "/usr/sbin/sendmail", however:

open("/proc/net/if_inet6", O_RDONLY) = -1 EACCES (Permission denied)

Both run as

ts@xenon:~> id
uid=1000(ts) gid=100(users) groups=0(root),14(uucp),16(dialout),33(video),100(users),112(bacula)

HTH
T.

--
Tilman Schmidt E-Mail: tilman@xxxxxxx
Bonn, Germany
Diese Nachricht besteht zu 100% aus wiederverwerteten Bits.
Ungeöffnet mindestens haltbar bis: (siehe Rückseite)

Attachment: signature.asc
Description: OpenPGP digital signature