NetBSD-Bugs archive


Re: kern/55675: ZFS mounts do not work with setuid programs



roy%marples.name@localhost writes:

>>Number:         55675
>>Category:       kern
>>Synopsis:       ZFS mounts do not work with setuid programs
>>Confidential:   no
>>Severity:       serious
>>Priority:       high
>>Responsible:    kern-bug-people
>>State:          open
>>Class:          sw-bug
>>Submitter-Id:   net
>>Arrival-Date:   Mon Sep 21 12:10:00 +0000 2020
>>Originator:     Roy Marples
>>Release:        9.99.73
>>Organization:
>>Environment:
> NetBSD cube.marples.name 9.99.73 NetBSD 9.99.73 (GENERIC) #2: Thu Sep 17 11:52:51 BST 2020  roy%cube.marples.name@localhost:/home/roy/src/hg/src/sys/arch/amd64/compile/obj.amd64/GENERIC amd64
>>Description:
> Setup /var/spool on ZFS.
> Send an email from a local user.
> Look at console or maillog for errors like so:
> postdrop: warning: mail_queue_enter: create file maildrop/899911.8834: Permission denied
>>How-To-Repeat:
> mailx -s test an.email@address < /tmp/email.message
>>Fix:
> mounting /var/spool/postfix/postdrop as tmpfs solves the issue

I don't have a fix and won't be able to look for one in the near future,
but I did test for this problem.

The problem is actually with setgid, not setuid.  For postfix, postdrop
is setgid maildrop and relies upon being able to write to
/var/spool/postfix/maildrop in the usual manner when only the group wx
bits are set on that directory.  This is what does not work as expected
with a ZFS fileset.

I also tested setuid in a similar situation and it actually works as
expected.

A workaround for Postfix would be to set the read bit on
/var/spool/postfix/maildrop along with write and execute.  I don't know
the security implications of doing that, but that should work.


-- 
Brad Spencer - brad%anduin.eldar.org@localhost - KC8VKS - http://anduin.eldar.org
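The behaviour Brad describes (a process creating a file in a directory on which it has write and execute but not read permission, which POSIX permits) can be checked directly on the filesystem in question. The program below is an added example written for this page, not code from the thread, from Postfix, or from NetBSD; the file and function names are mine. With no argument it exercises the owner class in a scratch directory with mode 0300 under $TMPDIR or /tmp. To reproduce the group-class case from the report, have root prepare a directory on the ZFS mount with "chgrp maildrop dir; chmod 0730 dir" and run the program against that path as a non-owner member of the group (note that root itself bypasses the mode bits, so a root run proves nothing).

```c
/*
 * probe_create.c - added example (not from the thread): does this filesystem
 * let a process create a file in a directory it can write and search but not
 * read?  POSIX needs only w+x on the directory for that; the report says a
 * ZFS fileset on NetBSD refuses it for the group class (setgid postdrop
 * writing into maildrop, group bits -wx).
 */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Try to create, then remove, a file inside dir.  Returns 0 on success,
 * otherwise the errno from open(2) (EACCES is what postdrop ran into). */
int probe_create(const char *dir)
{
    char path[PATH_MAX];
    int fd;

    snprintf(path, sizeof path, "%s/probe.%ld", dir, (long)getpid());
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return errno;
    close(fd);
    unlink(path);            /* unlink also needs only w+x on the directory */
    return 0;
}

/* Self-contained check using the owner class: make a scratch directory under
 * $TMPDIR (or /tmp) with the given mode, probe it, clean up.  Returns the
 * probe result (0 or an errno), or -1 if the scratch directory could not be
 * made.  Run as root this always succeeds, since root bypasses the mode bits. */
int selftest(mode_t mode)
{
    char dir[PATH_MAX];
    const char *tmp = getenv("TMPDIR");
    int err;

    if (tmp == NULL || *tmp == '\0')
        tmp = "/tmp";
    snprintf(dir, sizeof dir, "%s/probe.XXXXXX", tmp);
    if (mkdtemp(dir) == NULL)
        return -1;
    if (chmod(dir, mode) < 0) {
        rmdir(dir);
        return -1;
    }
    err = probe_create(dir);
    chmod(dir, 0700);        /* make sure we can remove it again */
    rmdir(dir);
    return err;
}

int main(int argc, char **argv)
{
    int err;

    if (argc > 1) {
        /* Probe a directory prepared elsewhere, e.g. by root on the ZFS
         * mount with "chgrp maildrop dir; chmod 0730 dir", running this as
         * a non-owner member of maildrop to exercise the group class. */
        err = probe_create(argv[1]);
    } else {
        err = selftest(0300);  /* owner: -wx, no read bit */
    }
    if (err == -1) {
        perror("scratch directory");
        return 2;
    }
    printf("create in w+x-only directory: %s\n",
           err == 0 ? "OK" : strerror(err));
    return err != 0;
}
```

On a POSIX-conforming filesystem the no-argument run prints "OK"; a "Permission denied" result from the group-class run on the ZFS mount, while the same directory on tmpfs or FFS succeeds, is the condition the report describes. Adding the read bit as Brad suggests lets local users list the queue file names in maildrop, which is the security trade-off to weigh before applying that workaround.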

