Debian Bug report logs - #649835
mailscanner: Since perl update MailScanner seems to fork another parent with children (fork bomb?)

Display info messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: David Hill <reportbug@binarystorm.net>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: mailscanner: Since perl update MailScanner seems to fork another parent with children (fork bomb?)

Date: Thu, 24 Nov 2011 02:01:17 -0500

Package: mailscanner
Version: 4.79.11-2.2
Severity: important

Dear Maintainer,

   * Updating perl (and or spamassassin) seems to have trigered this issue
   * I did nothing, still trying to figure out why it does this... 
   * I was expecting MailScanner to be not affected by any of these updates
   * The server got out of swap and died ... poor server :(


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.1.0-rc4 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages mailscanner depends on:
ii  debconf [debconf-2.0]                      1.5.41     
ii  exim4                                      4.77-1     
ii  exim4-daemon-light [mail-transport-agent]  4.77-1+b1  
ii  libarchive-zip-perl                        1.30-4     
ii  libconvert-tnef-perl                       0.17-11    
ii  libdbd-sqlite3-perl                        1.33-1+b1  
ii  libdbi-perl                                1.616-1+b2 
ii  libdigest-sha1-perl                        2.13-2+b1  
ii  libfilesys-df-perl                         0.92-4+b1  
ii  libhtml-parser-perl                        3.69-1+b1  
ii  libmailtools-perl                          2.08-1     
ii  libmime-perl                               5.427-2    
ii  libmime-tools-perl [libmime-perl]          5.502-1    
ii  libnet-cidr-perl                           0.14-1     
ii  libnet-dns-perl                            0.66-2+b2  
ii  libnet-ip-perl                             1.25-3     
ii  libole-storage-lite-perl                   0.19-1     
ii  libsys-hostname-long-perl                  1.4-2      
ii  perl                                       5.14.2-5   
ii  spamassassin                               3.3.2-2    
ii  ucf                                        3.0025+nmu2
ii  unzip                                      6.0-5      

Versions of packages mailscanner recommends:
ii  clamav                 <none>   
ii  clamav-daemon          <none>   
ii  libnet-cidr-lite-perl  <none>   
ii  ncftp                  2:3.2.5-1
ii  tnef                   <none>   
ii  wget                   1.13.4-1 

Versions of packages mailscanner suggests:
pn  libmail-spf-query-perl  <none>
pn  libnet-ldap-perl        <none>
pn  unrar-nonfree           <none>

-- Configuration Files:
/etc/MailScanner/MailScanner.conf changed [not included]
/etc/MailScanner/filetype.rules.conf changed [not included]
/etc/MailScanner/phishing.safe.sites.conf changed [not included]
/etc/MailScanner/rules/spam.whitelist.rules changed [not included]
/etc/MailScanner/spam.assassin.prefs.conf changed [not included]
/etc/MailScanner/virus.scanners.conf changed [not included]
/etc/default/mailscanner changed [not included]
/etc/init.d/mailscanner changed [not included]

-- debconf information excluded

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Message #10 received at 649835@bugs.debian.org (full text, mbox, reply):

From: David Hill <hilld@binarystorm.net>

To: 649835@bugs.debian.org

Subject: Re: Bug#649835: Acknowledgement (mailscanner: Since perl update MailScanner seems to fork another parent with children (fork bomb?))

Date: Thu, 24 Nov 2011 02:34:07 -0500

Hi guys,

   Seems like the hourly crontab entry that starts the mailscanner daemon 
if it's not running starts it even if it's already running.
At least I can save the server from crashing.

Dave


--------------------------------------------------
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Sent: Thursday, November 24, 2011 2:03 AM
To: "David Hill" <reportbug@binarystorm.net>
Subject: Bug#649835: Acknowledgement (mailscanner: Since perl update 
MailScanner seems to fork another parent with children (fork bomb?))

> Thank you for filing a new Bug report with Debian.
>
> This is an automatically generated reply to let you know your message
> has been received.
>
> Your message is being forwarded to the package maintainers and other
> interested parties for their attention; they will reply in due course.
>
> Your message has been sent to the package maintainer(s):
> Simon Walter <simon.walter@hp-factory.de>
>
> If you wish to submit further information on this problem, please
> send it to 649835@bugs.debian.org.
>
> Please do not send mail to owner@bugs.debian.org unless you wish
> to report a problem with the Bug-tracking system.
>
> -- 
> 649835: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649835
> Debian Bug Tracking System
> Contact owner@bugs.debian.org with problems
>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> 

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Message #15 received at 649835@bugs.debian.org (full text, mbox, reply):

From: David Hill <hilld@binarystorm.net>

To: 649835@bugs.debian.org, David Hill <reportbug@binarystorm.net>

Subject: Re: Bug#649835: Acknowledgement (mailscanner: Since perl update MailScanner seems to fork another parent with children (fork bomb?))

Date: Thu, 24 Nov 2011 02:43:30 -0500

Seems like start-stop-daemon doesn't see MailScanner?!?!?    But I know it 
works ... I can start/stop apache with it.  What is happening here?


<<SNIP>>
Exit status with --status:
 0 = program is running
 1 = program is not running and the pid file exists
 3 = program is not running
 4 = unable to determine status
wolfe:/sbin# start-stop-daemon -T --name MailScanner
wolfe:/sbin# echo $?
3
wolfe:/sbin# ps -ef | grep Mail
116       7197     1  0 02:37 ?        00:00:00 MailScanner: master waiting 
for children, sleeping
116       7198  7197  1 02:37 ?        00:00:03 MailScanner: waiting for 
messages
116       7216  7197  1 02:37 ?        00:00:03 MailScanner: waiting for 
messages
root     10619 11084  0 02:41 pts/2    00:00:00 grep Mail

--------------------------------------------------
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Sent: Thursday, November 24, 2011 2:03 AM
To: "David Hill" <reportbug@binarystorm.net>
Subject: Bug#649835: Acknowledgement (mailscanner: Since perl update 
MailScanner seems to fork another parent with children (fork bomb?))

> Thank you for filing a new Bug report with Debian.
>
> This is an automatically generated reply to let you know your message
> has been received.
>
> Your message is being forwarded to the package maintainers and other
> interested parties for their attention; they will reply in due course.
>
> Your message has been sent to the package maintainer(s):
> Simon Walter <simon.walter@hp-factory.de>
>
> If you wish to submit further information on this problem, please
> send it to 649835@bugs.debian.org.
>
> Please do not send mail to owner@bugs.debian.org unless you wish
> to report a problem with the Bug-tracking system.
>
> -- 
> 649835: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649835
> Debian Bug Tracking System
> Contact owner@bugs.debian.org with problems
>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> 

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Message #20 received at 649835@bugs.debian.org (full text, mbox, reply):

From: Thanos Kyritsis <djart@linux.gr>

To: 649835@bugs.debian.org

Subject: Re: Bug#649835: Acknowledgement (mailscanner: Since perl update MailScanner seems to fork another parent with children (fork bomb?))

Date: Thu, 24 Nov 2011 12:14:55 +0200

Hello to all,

I acknowledge too. After the perl upgrade to 5.14.2-5 on a debian
testing server, start-stop-daemon doesn't work with Mailscanner. It
only works for starting it but it's unable to stop it. The results
were exactly the same. The hourly cron job went on starting additional
MailScanner children until the server got out of memory and swap and
died.


My setup is a bit different though. Since MailScanner is no longer in
the debian repositories (apart from stable), I'm running a vanilla
MailScanner 4.84.3 tar distribution using the debian stable
mailscanner 4.79.11-2.2 cron and init.d scripts :)

At the moment I have downgraded (and set to hold) my perl packages
back to perl 5.12.4-6 and all the corresponding dependencies (packages
like libapt-pkg-perl, etc).

Message #25 received at 649835@bugs.debian.org (full text, mbox, reply):

From: Arnaud FLORENT <aflorent@iris-tech.fr>

To: 649835@bugs.debian.org

Subject: mailscanner: Since perl update MailScanner seems to fork another parent with children (fork bomb?)

Date: Mon, 02 Apr 2012 17:09:14 +0200

i tried to understand this behaviour

it seems the way perl handle process name update ($0) has changed
http://perldoc.perl.org/5.14.0/perldelta.html

Assignment to $0 sets the legacy process name with prctl() on Linux
On Linux the legacy process name is now set with prctl(2), in addition 
to altering the POSIX name via argv[0] , as Perl has done since version 
4.000.
Now system utilities that read the legacy process name such as ps, top, 
and killall recognize the name you set when assigning to $0 . The string 
you supply is truncated at 16 bytes; this limitation is imposed by Linux.


it seems to disturb init.d script which use --name MailScanner option to 
check if the daemon is running

    Check  for  processes  with  the name process-name (according to 
/proc/pid/stat).

but this file does not contain MailScanner but a longer string for 
example for the process " MailScanner: master waiting for children, 
sleeping"
21283 (MailScanner: ma) ...

with previous perl version, it contains 14302 (MailScanner) ...

so init.d script considers always MailScanner is not running:
- stop doesn't work
- start will launch a new daemon instance each time it is called 
(especially via /etc/cron.daily/mailscanner)

so init.d script should be fixed to use another method to find daemon 
instance (may be using /var/run/MailScanner/MailScanner.pid)

# start-stop-daemon -v --start --startas MailScanner --name MailScanner  
--test
Would start MailScanner .

v# start-stop-daemon -v --start --startas MailScanner --pid 
/var/run/MailScanner/MailScanner.pid --test
process already running.



sample init.d diff
86a87
> PIDFILE=`${QUICKPEEK} 'PID file' ${CONFFILE}`
102c103
<       start-stop-daemon --start --quiet --startas $STARTAS --name 
$NAME --test > /dev/null \
---
>       start-stop-daemon --start --quiet --startas $STARTAS  --pidfile 
"$PIDFILE" --test > /dev/null \
104c105
<       start-stop-daemon --start --quiet --nicelevel $run_nice --exec 
$DAEMON --name $NAME -- $DAEMON_ARGS \
---
>       start-stop-daemon --start --quiet --nicelevel $run_nice --exec 
$DAEMON  --pidfile "$PIDFILE" -- $DAEMON_ARGS \
126c127
<       start-stop-daemon --stop --quiet --retry=TERM/10/TERM/20 --name 
$NAME
---
>       start-stop-daemon --stop --quiet --retry=TERM/10/TERM/20  
--pidfile "$PIDFILE"
143c144
<       start-stop-daemon --stop --signal 1 --quiet --name $NAME
---
>       start-stop-daemon --stop --signal 1 --quiet --pidfile "$PIDFILE"

Message #30 received at 649835-done@bugs.debian.org (full text, mbox, reply):

From: Andreas Beckmann <anbe@debian.org>

To: 649835-done@bugs.debian.org

Subject: mailscanner has been removed from Debian in 2011

Date: Sat, 23 Jul 2016 15:36:35 +0200

Version: 4.79.11-2.2+rm

mailscanner was last released with Debian 6.0 (squeeze) in
February 2011 and removed from Debian sid/unstable later in 2011 (see
http://bugs.debian.org/531317 for details on the removal). Since
support for squeeze and squeeze-LTS has now ended, I'm closing all the
remaining bugs reported against this package.


Andreas

Send a report that this bug log contains spam.