Hello Andrew,
I have now tested a version of Exim 4.96 where I made adjustments to src/priv.c as per your recommendation:
sh-3.2# /usr/local/exim/bin/exim -q
2022-09-21 18:39:16.090 [7335] RIKJJJ-0005NK-2O priv_restore setgroups: Invalid argument
The error seems to derive from priv_restore.
Best regards
Lasse
Från: Andrew C Aitchison <andrew@???>
Datum: onsdag 21 september 2022 00:54
Till: Lasse Törngren via Exim-users <exim-users@???>
Ämne: Re: [exim] After upgrade to Exim 4.95 or 4.96: "setgroups: Invalid argument"
On Wed, 21 Sep 2022, Lasse Törngren via Exim-users wrote:
Hello Bill,
Many thanks for the input. It's beyond my skill level, but you absolutely point to where I can start digging.
One thing that might be useful is to change the lines
log_write(0, LOG_PANIC_DIE, "setgroups: %s", strerror(errno));
in src/priv.c, so that we can see whether the error is in
priv_drop_temp() or priv_restore().
Is that within your skillset ?
OK, I understand. Sad from my point of view, as this means that I will
never be able to upgrade Exim from now on?
This problem was caused by the 21nails patch, so neither staying with 4.94
nor blindly hacking 4.96 to make it run is an attractive option :-(
(Unless I pinpoint the bug myself.)
The root cause of this is that Apple has incrementally but persistently
made macOS less and less fit as a server platform and more dependent on
proprietary functionality with each of the last 10 or so releases. That
drives away developers of OSS who do cross-platform development.
In this case, I *think* the issue is that macOS routinely uses a
plethora of supplemental groups managed in OpenDirectory that can grow
to more than 16 on a single user, but Apple has never seen fit to make
the 'kern.ngroups' kernel parameter tunable, even at boot time. I
suspect that decision dates to when they tried to make the "Server"
version of Mac OS X a revenue center. According to the setgroups(2) man
page, "Invalid Argument" indicates a call with too many groups. It also
says that use of setgroups is "highly discouraged" but does not detail
why or how one is supposed to avoid it.
Based on hints in the initgroups(3) man page, I suspect the fix is to be
found somewhere in the use of mbr_* functions of OpenDirectory and a
consciously crafted group list passed to setgroups rather than blindly
replicating the potentially (in code built with one of the right macros)
oversize return of getgroups(2).
Best regards
Lasse
Från: Jeremy Harris <jgh@???>
Datum: söndag 18 september 2022 22:03
Till: <exim-users@???>
Ämne: Re: [exim] After upgrade to Exim 4.95 or 4.96: "setgroups:
Invalid argument"
On 18/09/2022 20:36, Lasse Törngren via Exim-users wrote:
I have tried to upgrade to Exim 4.95 on this machine, and to Exim 4.96
on a new server that I am setting up with MacOS Big Sur. On both
servers I get Exim Panic with “setgroups: Invalid argument” at
local (virtual) delivery. The users are set up with mysql, so the path
for delivery is a result of a mysql query. I have really tried to
figure out on my own why this is happening (through debugging,
checking file and folder paths and permissions and so on), but no luck
so far. On the new server everything works out fine with Exim 4.94, as
with the old server.
--
Andrew C. Aitchison Kendal, UK
andrew@???