chk%alias@csri.toronto.edu (C. Harald Koch) (11/29/90)
I was just applying the latest patches to ELM, after upgrading to 3.3.1. Suddenly elm was no longer able to read my mailbox! After long and detailed debugging, I eventually found the problem: ELM runs set group-id mail so that it can create lock files. This is a potential security hole, so ELM uses subprocesses to verify certain file access permissions using your real gid rather than your effective gid. This is to prevent users from getting access to files that are readable by the mail group (i.e. other users mailboxes). Under 3.3.1, ELM configuration detects the existence of vfork() and uses it instead of fork(). Then, in the child, ELM calls setgid() to set the group-id to your real group-id, performs the test, and exits with a status. The parent reads this status back. On most systems with vfork(), the two processes inherit the same address space, BUT DIFFERENT KERNEL U-AREAS. This means that the setgid() call doesn't affect the parent. Under IRIX, the vfork() call is actually implemented using sproc(), which is a more primitive way to get multiple processes. It DOES NOT give you a separate u-area. So the setgid() call affects the parent! As a result, the parent process is no longer set group-id mail, and so it cannot generate lock files in the mail directory! I discovered this quite accidentally; I was using DBX to attempt some debugging and found that vfork() confused DBX, so I recompiled elm to use fork() instead. Suddenly, everything worked fine! So I wrote a simple test program which runs set group-id, vforks, and does a setgid(getgid()) in the child. Sure enough, the group-id in the parent changes! vfork() also causes problems with Perl. I strongly suggest not using it at all, unless you *really* need the performance improvement that it gives. Whee! -- C. Harald Koch VE3TLA Alias Research, Inc., Toronto ON Canada chk%alias@csri.utoronto.ca chk@gpu.utcs.toronto.edu chk@chk.mef.org "Open the Zamboni! We're coming out!" - Kathrin Garland and Anson James, 2299