
port security/cyrus-sasl2: Incorrect file permission


port security/cyrus-sasl2: Incorrect file permission

Zhang Huangbin
Dear port maintainers,

I'm running OpenBSD 5.3 and installed cyrus-sasl-2.1.26p0-ldap from the binary package.
It seems to have an incorrect file permission on the file /usr/local/lib/libsasl2.so.3.0.
Default permission after package install is:

-rw-r----- 1 root bin 123670 Feb 26 2013 /usr/local/lib/libsasl2.so.3.0

With this permission, the Python module "ldap" (port databases/py-ldap) cannot be
imported by the Apache daemon user "www", so no Python web application
can use the Python module "ldap".

How to reproduce this issue:

# chsh -s /bin/sh www
# su - www
$ python -c "import ldap"
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/local/lib/python2.7/site-packages/ldap/__init__.py", line 23, in <module>
    from _ldap import *
ImportError: Cannot load specified object



How to fix it manually:

# chmod o+r /usr/local/lib/libsasl2.so.3.0

Below are steps to trace this permission issue.

1) Create a python file with only one line: "import ldap".

# chsh -s /bin/sh www
# su - www
$ pwd
/var/www
$ echo 'import ldap' > ~/tmp/1.py
$ python tmp/1.py    # <- Get error: "ImportError: Cannot load specified object"

2) Trace it with "ktrace", view log with "kdump".

$ ktrace -t + python 1.py    # <- Get error: "ImportError: Cannot load specified object"
$ kdump -f ktrace.out | grep -2 -i 'permission denied'
18421 python2.7 CALL open(0x15a593d7d63d,0<O_RDONLY>)
18421 python2.7 NAMI "/usr/local/lib/libsasl2.so.3.0"
18421 python2.7 RET open -1 errno 13 Permission denied



See also: discussion in python-ldap mailing list:
http://mail.python.org/pipermail/python-ldap/2013q3/003275.html
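
The trace step described above, as an added example that is not part of the original post: a POSIX shell pair of functions that pulls every path whose system call returned errno 13 out of kdump text, then keeps the ones missing the other-read bit. The function names and the sample trace (including the libexample path) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find EACCES failures in kdump output and check the mode bits.

# Constructed sample, in the record format of the kdump excerpt in the post.
SAMPLE_KDUMP='18421 python2.7 CALL open(0x15a593d7d63d,0<O_RDONLY>)
18421 python2.7 NAMI "/usr/local/lib/libsasl2.so.3.0"
18421 python2.7 RET open -1 errno 13 Permission denied
18421 python2.7 CALL open(0x15a593d7d700,0<O_RDONLY>)
18421 python2.7 NAMI "/usr/local/lib/libexample.so.1.0"
18421 python2.7 RET open 4
18421 python2.7 CALL open(0x15a593d7d800,0<O_RDONLY>)
18421 python2.7 NAMI "/nonexistent/file"
18421 python2.7 RET open -1 errno 2 No such file or directory'

# Read kdump text on stdin; print each path whose call returned errno 13.
# The latest NAMI record of a PID is taken as the path for its next RET.
denied_paths() {
    awk '
        $3 == "NAMI" {
            p = $0
            sub(/^[^"]*"/, "", p)      # drop everything up to the opening quote
            sub(/"[ \t]*$/, "", p)     # drop the closing quote
            last[$1] = p
        }
        $3 == "RET" && / errno 13 / && ($1 in last) { print last[$1] }
        $3 == "RET" { delete last[$1] }
    ' | sort -u
}

# Read paths on stdin; print those that exist but lack the other-read bit,
# which is the bit "chmod o+r" sets.
not_world_readable() {
    while IFS= read -r f; do
        if [ -e "$f" ]; then
            find "$f" -prune ! -perm -004 -print
        fi
    done
}

# Demo on the constructed trace; on a real system use:
#   kdump -f ktrace.out | denied_paths | not_world_readable
printf '%s\n' "$SAMPLE_KDUMP" | denied_paths
```

Only the errno 13 record is reported; the errno 2 failure and the successful open are ignored, which separates a permission problem from a missing file.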


Re: port security/cyrus-sasl2: Incorrect file permission

Antoine Jacoutot-7
That was fixed more than 2 months ago.
Thanks for the report though.

On Wed, Aug 28, 2013 at 08:15:38AM +0800, Zhang Huangbin wrote:

> Dear port maintainers,
>
> I'm running OpenBSD 5.3 and installed cyrus-sasl-2.1.26p0-ldap from the binary package.
> It seems to have an incorrect file permission on the file /usr/local/lib/libsasl2.so.3.0.
> Default permission after package install is:
>
> -rw-r----- 1 root bin 123670 Feb 26 2013 /usr/local/lib/libsasl2.so.3.0
>
> With this permission, the Python module "ldap" (port databases/py-ldap) cannot be
> imported by the Apache daemon user "www", so no Python web application
> can use the Python module "ldap".
>
> How to reproduce this issue:
>
> # chsh -s /bin/sh www
> # su - www
> $ python -c "import ldap"
> Traceback (most recent call last):
>   File "<string>", line 1, in <module>
>   File "/usr/local/lib/python2.7/site-packages/ldap/__init__.py", line 23, in <module>
>     from _ldap import *
> ImportError: Cannot load specified object
>
>
>
> How to fix it manually:
>
> # chmod o+r /usr/local/lib/libsasl2.so.3.0
>
> Below are steps to trace this permission issue.
>
> 1) Create a python file with only one line: "import ldap".
>
> # chsh -s /bin/sh www
> # su - www
> $ pwd
> /var/www
> $ echo 'import ldap' > ~/tmp/1.py
> $ python tmp/1.py    # <- Get error: "ImportError: Cannot load specified object"
>
> 2) Trace it with "ktrace", view log with "kdump".
>
> $ ktrace -t + python 1.py    # <- Get error: "ImportError: Cannot load specified object"
> $ kdump -f ktrace.out | grep -2 -i 'permission denied'
> 18421 python2.7 CALL open(0x15a593d7d63d,0<O_RDONLY>)
> 18421 python2.7 NAMI "/usr/local/lib/libsasl2.so.3.0"
> 18421 python2.7 RET open -1 errno 13 Permission denied
>
>
>
> See also: discussion in python-ldap mailing list:
> http://mail.python.org/pipermail/python-ldap/2013q3/003275.html
>

--
Antoine
