bug-mailutils

Re: converting from qpopper


From: Alain Magloire
Subject: Re: converting from qpopper
Date: Sat, 10 Nov 2001 11:29:35 -0500 (EST)

> 
> On Sat, Nov 10, 2001 at 10:09:25AM -0500, Alain Magloire wrote:
> 
> > > Fencepost is running qpopper and it's corrupting mail.  They will
> > > soon be running our pop3d.
> 
> > That's great, but you did not find the cause of the problem :)
> 
> Known bug in qmail, reproducible very easily.  I run the autobuilder
> for the Debian GNU/Hurd port, and it mails me the build logs for
> signing.  After a file gets to be about 200k, it truncates it too
> early.
> 
> The truncation happens even if the message isn't retrieved, because
> the bug occurs when qpopper puts the mailbox back into place.

Are you running out of quota or disk space?
Obviously, there are some disadvantages to qpopper's way of doing things.
- Moving files around.
- Malicious user doing
  cat junk > <spoolfile>/.jbailey.pop

Although, I do believe the new versions corrected some security
issues reported on Bugtraq a few years ago.  Which version is
on fencepost?

> 
> > The advantage of working on a second drop ".user.pop" is to lessen
> > the chance of corruption and to permit new mail to come in
> > despite having a pop session active.
> 
> Isn't locking supposed to cope with that?


Locking is advisory.  If you do vi <spoolfile>/jbailey while there
is a POP session active that is asking for trouble.

Although, we try to cope:
{
...
      /* The mailbox size needs to be check to make sure that we are in
         sync.  Some other applications may not respect the *.lock or
         the lock may be stale because downloading on slow modem.
         We rely on the size of the mailbox for the check and bail if out
         of sync.  */
      if (state == TRANSACTION && !mailbox_is_updated (mbox))
        {
          static off_t mailbox_size;
          off_t newsize = 0;
          mailbox_get_size (mbox, &newsize);
          /* Did we shrink?  First time save the size.  */
          if (!mailbox_size)
            mailbox_size = newsize;
          else if (newsize < mailbox_size) /* FIXME: Should it be a != ? */
            pop3d_abquit (ERR_MBOX_SYNC); /* Out of sync, Bail out.  */
        }

      /* Refresh the Lock.  */
      pop3d_touchlock ();
...
}

Actually, I think it was you that pointed out that according
to the RFC, the lock must be held the entire duration of the transaction? ;-)

The problem with the snippet above is

          else if (newsize < mailbox_size) /* FIXME: Should it be a != ? */

We are trying to be smart by guessing that if the newsize is larger,
it is because a new mail was ___APPENDED___ to the mailbox so the offsets
maintained by the mailbox_t will still be sane and mailbox_expunge ()
will do the right thing (i.e. seeing that there was new mail when doing
the ftruncate()).

I do not remember the rationale behind this, but it was a long exchange
with Sergey.
I do not particularly like it and would prefer, if the mailbox lock
was not respected, to bail out immediately without being smart.  If that
is a problem we could shorten the default timeout.
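
The size check discussed above, as an added example (not mailutils code and not part of the original message): it runs the posted `<` comparison and the `!=` alternative from the FIXME against a scratch mailbox that a lock-ignoring writer appends to, truncates, or rewrites at the same length. The names `out_of_sync`, `put` and `simulate`, the `/tmp` path and the message text are assumptions constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L  /* mkstemp(). Added example, not mailutils code. */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

enum policy { SHRINK_ONLY, ANY_CHANGE };  /* '<' as posted, '!=' per the FIXME */

/* Hypothetical helper: 1 = bail out (mailbox out of sync), 0 = carry on. */
static int out_of_sync(const char *path, off_t saved, enum policy p)
{
    struct stat st;
    if (stat(path, &st) != 0) return 1;   /* mailbox vanished under us */
    return p == SHRINK_ONLY ? st.st_size < saved : st.st_size != saved;
}

static int put(const char *path, const char *mode, const char *text)
{
    FILE *fp = fopen(path, mode);
    if (!fp) return -1;
    fputs(text, fp);
    return fclose(fp);
}

/* The session records the size, then a writer that ignores the lock acts:
   'a' appends, 't' truncates, 's' rewrites in place at the same length. */
int simulate(char writer, enum policy p)
{
    char path[] = "/tmp/mbox-sync-XXXXXX";   /* constructed scratch mailbox */
    struct stat st;
    int r = -1, fd = mkstemp(path);
    if (fd < 0) return -1;
    close(fd);
    if (put(path, "w", "From a@x\n\nfirst\n\n") == 0 && stat(path, &st) == 0) {
        const char *text = writer == 'a' ? "From b@x\n\nnew\n\n"
            : writer == 't' ? "From a@x\n" : "From a@x\n\nFIRST\n\n";
        put(path, writer == 'a' ? "a" : "w", text);
        r = out_of_sync(path, st.st_size, p);
    }
    unlink(path);
    return r;
}

int main(void)
{
    for (const char *w = "ats"; *w; w++)
        printf("%c: shrink-only=%d any-change=%d\n", *w,
               simulate(*w, SHRINK_ONLY), simulate(*w, ANY_CHANGE));
    return 0;
}
```

A same-length rewrite passes both comparisons, so a size check on its own cannot stand in for the lock.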





