6191 – failed to spawn...Insecure dependency...Util.pm

Bug 6191 - failed to spawn...Insecure dependency...Util.pm

Summary: failed to spawn...Insecure dependency...Util.pm

Status:	RESOLVED FIXED

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	spamc/spamd (show other bugs)
Version:	3.3.0
Hardware:	All All

Importance:	P5 major
Target Milestone:	3.3.0
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2009-09-02 10:37 UTC by Larry Rosenbaum
Modified:	2009-12-17 09:27 UTC (History)
CC List:	2 users (show)

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
untaints pyzor_options	patch			None	Mark Martinec
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Larry Rosenbaum 2009-09-02 10:37:23 UTC

SpamAssassin v3.0.0 alpha 2, Solaris 9 Sparc, Perl 5.8.8

I get the following log entries when trying to start spamd:

Sep  2 13:30:09 localhost spamd[8560]: logger: removing stderr method
Sep  2 13:30:39 localhost spamd[8560]: child process exited or timed out without signaling production of a PID file at /usr/local/bin/spamd line 2505.
Sep  2 13:30:49 localhost spamd[8563]: util: failed to spawn a process: Insecure dependency in exec while running with -T switch at /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Util.pm line 1528. at /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Util.pm line 1433.
Sep  2 13:30:49 localhost spamd[8562]: pyzor: [8563] error: exit 6

Comment 1 Mark Martinec 2009-09-02 13:07:02 UTC

Are you using any special options for pyzor in your config file?
Is any of the directories in your path or where pyzor resides world-writable?

Comment 2 Larry Rosenbaum 2009-09-02 13:42:10 UTC

(In reply to comment #1)
> Are you using any special options for pyzor in your config file?

Here are the pyzor options from local.cf:

use_pyzor               1
pyzor_path        /usr/local/bin/pyzor
pyzor_options     --homedir /etc/mail/spamassassin/.pyzor

These settings worked fine in v3.2.5.

> Is any of the directories in your path or where pyzor resides world-writable?

No.

Comment 3 Mark Martinec 2009-09-03 04:19:28 UTC

  Bug 6191: Plugin/Pyzor.pm, 'pyzor_options' was not untainted
Sending        lib/Mail/SpamAssassin/Plugin/Pyzor.pm
Committed revision 810895.

Comment 4 Mark Martinec 2009-09-03 04:37:24 UTC

Created attachment 4531 [details]
untaints pyzor_options

Please try the attached patch (or grab the current SVN head).

Comment 5 Larry Rosenbaum 2009-09-03 07:00:26 UTC

That fixes the taint problem, but I'm still getting an error:

Sep  3 09:26:54 localhost spamd[22192]: logger: removing stderr method
Sep  3 09:27:24 localhost spamd[22192]: child process exited or timed out without signaling production of a PID file at /usr/local/bin/spamd line 2505.
Sep  3 09:27:38 localhost spamd[22194]: pyzor: [22197] error: TERMINATED, signal 15 (000f)
Sep  3 09:27:46 localhost spamd[22194]: spamd: server started on port 783/tcp (running version 3.3.0-alpha2)

I am able to run Pyzor from the command line (I get a timeout error).

Comment 6 Mark Martinec 2009-09-17 10:20:58 UTC

> That fixes the taint problem, but I'm still getting an error:
> 
> Sep  3 09:26:54 localhost spamd[22192]: logger: removing stderr method
> Sep  3 09:27:24 localhost spamd[22192]: child process exited or timed out
> without signaling production of a PID file at /usr/local/bin/spamd line 2505.
> Sep  3 09:27:38 localhost spamd[22194]: pyzor: [22197] error: TERMINATED,
> signal 15 (000f)
> Sep  3 09:27:46 localhost spamd[22194]: spamd: server started on port 783/tcp
> (running version 3.3.0-alpha2)
> 
> I am able to run Pyzor from the command line (I get a timeout error).

Well, I don't see much that SA can do except abort the forked pyzor
process after 15 seconds if it doesn't reply in this time.

Get running the pyzor from a command line first, and only then try to
wrestle with a plugin after the basics are right. Perhaps the problem
is a firewall setting, or lack of a successful 'pyzor discover'.

Comment 7 Mark Martinec 2009-09-21 03:33:38 UTC

closing...

Comment 8 Larry Rosenbaum 2009-09-21 07:24:22 UTC

(In reply to comment #6)
> > That fixes the taint problem, but I'm still getting an error:
> > 
> > Sep  3 09:26:54 localhost spamd[22192]: logger: removing stderr method
> > Sep  3 09:27:24 localhost spamd[22192]: child process exited or timed out
> > without signaling production of a PID file at /usr/local/bin/spamd line 2505.
> > Sep  3 09:27:38 localhost spamd[22194]: pyzor: [22197] error: TERMINATED,
> > signal 15 (000f)
> > Sep  3 09:27:46 localhost spamd[22194]: spamd: server started on port 783/tcp
> > (running version 3.3.0-alpha2)
> > 
> > I am able to run Pyzor from the command line (I get a timeout error).
> Well, I don't see much that SA can do except abort the forked pyzor
> process after 15 seconds if it doesn't reply in this time.
> Get running the pyzor from a command line first, and only then try to
> wrestle with a plugin after the basics are right. Perhaps the problem
> is a firewall setting, or lack of a successful 'pyzor discover'.

I got the Pyzor problem fixed (it was the firewall):

ornl71# pyzor --homedir=/usr/local/spamassassin/.pyzor ping
public.pyzor.org:24441  (200, 'OK')

I'm no longer seeing the pyzor errors but I still get the "child process exited" when starting spamd:

ornl71# /etc/init.d/spamd start
child process exited or timed out without signaling production of a PID file at /usr/local/bin/spamd line 2505.

and from the log file:

Sep 21 09:55:22 localhost spamd[24972]: logger: removing stderr method
Sep 21 09:55:52 localhost spamd[24972]: child process exited or timed out without signaling production of a PID file at /usr/local/bin/spamd line 2505.
Sep 21 09:56:41 localhost spamd[24974]: spamd: server started on port 783/tcp (running version 3.3.0-alpha2)

Comment 9 Larry Rosenbaum 2009-09-21 08:06:52 UTC

After further analysis, the problem is that the daemonize() function has a loop that waits 30 seconds for the server to signal that it has started.  On my box (a slow box used for development) it takes almost a minute, so the loop times out and complains.

Comment 10 Mark Martinec 2009-09-21 08:12:06 UTC

Do we increase the timeout for the startup of spamd?

Comment 11 Justin Mason 2009-09-21 08:53:01 UTC

(In reply to comment #10)
> Do we increase the timeout for the startup of spamd?

sure, why not.  I can see the usefulness of that.

Comment 12 Mark Martinec 2009-09-21 09:22:58 UTC

Thanks Larry for tracking this down.


Bug 6191: takes almost a minute to start spamd on a
slow machine, bump up the retry counter to 90 seconds
Sending        spamd/spamd.raw
Committed revision 817311.

Comment 13 Mark Martinec 2009-12-17 09:10:51 UTC

According to Bug 6258, a forked fresh child can take 109 seconds to respond
to a parent process. I'm briefly re-opening this bug to document it,
and to bump up the timer to 180 seconds (3 minutes). I'm open to suggestions
on the exact value, I guess two minutes would probably be fine too.

Comment 14 Mark Martinec 2009-12-17 09:27:41 UTC

This one is trivial:

Bug 6191, Bug 6258: bump the timeout for a spawned spamd start to 3 minutes
Sending spamd/spamd.raw
Committed revision 891806.