The PhoneBoy Blog


Simplifying Telecom, Mobile Phones, Gadgets, Health, and More!

I am the IT department

Well, at least in my house I am. :)

My wife called upon me this evening because she got a “server error” when she tried to use her web-based email. Her web-based email is on a server that I maintain running a copy of Open Webmail. It seemed like a good fit — it ran in the environment my ISP has for hosting, would use POP3 for authentication, and had the basic features she needed. This evening, one of her accounts was unable to log in. A trip to the server logs showed what the problem was, but I wasn’t sure how to fix it.

Going to the Open Webmail site, I discovered I was quite out of date in terms of versions. I took the opportunity to “upgrade” her Open Webmail installation to the latest version. The first go-around on the upgrade wasn’t quite so successful. It appears they ‘changed’ how certain things were done and my ISP’s FreeBSD server didn’t return the entire path of the program it was executing in $0 (otherwise known as the “program executing” parameter). Their “workaround” for this was to put the appropriate path in a file in /etc, which there was no way I could put there because I am not the “root” user on this system. So, it meant hacking a bunch of perl scripts to feed it the right path (I had to hack the scripts anyway because they were referring to suidperl, which wasn’t installed/needed in this instance).

After doing that, I was still getting some errors about a particular Perl module not being there. After tracking that down, I discovered that my ISP had upgraded Perl to 5.8 at some point and my 5.6.1-compiled module wasn’t working anymore. A recompile and install later, I got that working again, but I was still getting errors about some include not being considered “safe” (most of the perl scripts use the -T for “taint” checks, a good idea in this case). So I decided I’d punt for a little while, restore her old version of Open Webmail, recompile the module that old installation, and come back to it later.

After a few hours of not working on it, and having read some docs in the auth_pop3.conf.default file, I discovered that the one step I was missing was removing the “setuid” bit from all the perl scripts. It certainly wasn’t needed since the web server already executes everything under my user id anyway. Having done that and correctly reconfiguring stuff, I was able to upgrade my wife’s instance of Open Webmail. I also made a seperate “experimental” instance that I can test upgrades on and not mess my wife’s instance up. :)

tags:


#Cybersecurity Evangelist, Podcaster, #noagenda Producer, Frequenter of shiny metal tubes, Expressor of personal opinions, and of course, a coffee achiever.