[exim-dev] [Bug 2275] New: MIME ACL prematurely releases spo…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2275] New: MIME ACL prematurely releases spool data file lock
https://bugs.exim.org/show_bug.cgi?id=2275

            Bug ID: 2275
           Summary: MIME ACL prematurely releases spool data file lock
           Product: Exim
           Version: 4.91
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Content Scanning
          Assignee: tom@???
          Reporter: tstewart@???
                CC: exim-dev@???


My systems are still experiencing cutthrough/queue runner races even after
applying the fix for bug 2273 (with identical symptoms), so I dug further. I
found that using a MIME ACL effectively unlocks the spool data file earlier
than intended.

When a MIME ACL is enabled, receive_msg() calls run_mime_acl(), which calls
spool_mbox() to create a separate mbox-style message file for MIME scanning.
spool_mbox() open()s and close()s the spool data file to generate the mbox
file. Unfortunately, even though a different file descriptor is used, advisory
locks set with fcntl() are released when *any* fd referring to a specific file
is closed. From fcntl(2) on Linux:

       As well as being removed by an explicit F_UNLCK, record locks are
       automatically released when the process terminates or if it closes any
       file descriptor referring to a file on which locks are held. This is
       bad: it means that a process can lose the locks on a file like
       /etc/passwd or /etc/mtab when for some reason a library function
       decides to open, read and close it.


Once I disabled our MIME ACL, preventing the early close(), the race
disappeared.

I believe this bug occurs whether or not cutthrough delivery is enabled, and
was simply more visible with cutthrough since unlink()ing the data file is the
common case. (The bug is also more dangerous since a delivery is already in
progress with cutthrough).

There are other uses in the source of spool_mbox(), but I have not searched for
other places where its use might release locks earlier than intended.

(As an aside, I don't think it makes sense to use a MIME ACL when cutthrough is
enabled, but perhaps there is a scenario I've missed. If I'm right, should
Exim complain like it does for header modification in data ACLs?)

--
You are receiving this mail because:
You are on the CC list for the bug.
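
The fcntl() behaviour the report relies on can be reproduced in isolation. The following is an added example, not part of the original message and not Exim code: it locks a scratch file on one descriptor, optionally open()s and close()s a second descriptor on the same file, and asks a child process whether the lock is still there. The function names and the scratch path are assumptions made for the demonstration.

```c
/* Added demonstration, not Exim source; names and paths are constructed. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* A process never conflicts with its own fcntl locks, so the probe must
   run in another process. Returns 1 = locked, 0 = unlocked, -1 = error. */
static int lock_visible_to_others(const char *path)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct flock probe = { .l_type = F_WRLCK, .l_whence = SEEK_SET };
        int fd = open(path, O_RDWR);
        if (fd < 0 || fcntl(fd, F_GETLK, &probe) < 0) _exit(2);
        _exit(probe.l_type == F_UNLCK ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}

/* Lock a scratch file via one fd, optionally open()+close() a second fd on
   the same file (the pattern the report attributes to spool_mbox()), then
   report whether the lock survives: 1 = held, 0 = released, -1 = error. */
int lock_held_after(int reopen_and_close)
{
    char path[] = "/tmp/fcntl-lock-demo-XXXXXX";  /* constructed scratch file */
    int held = -1, fd = mkstemp(path);
    if (fd < 0) return -1;
    struct flock lk = { .l_type = F_WRLCK, .l_whence = SEEK_SET }; /* whole file */
    if (fcntl(fd, F_SETLK, &lk) == 0) {
        if (reopen_and_close) {
            int fd2 = open(path, O_RDONLY);
            if (fd2 >= 0) close(fd2);   /* releases the lock taken via fd */
        }
        held = lock_visible_to_others(path);
    }
    close(fd);
    unlink(path);
    return held;
}

int main(void)
{
    printf("no second fd: held=%d\nafter open()+close(): held=%d\n",
           lock_held_after(0), lock_held_after(1));
    return 0;
}
```

The original descriptor is still open when the probe runs in both cases; only the close() of the second descriptor differs.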