My machine was rooted by this vulnerability. I'm in the process of recovering, and it isn't going well.
I've restored a backup and tried to "upgrade" (which updates to the patched exim4). Unfortunately, exim (and avahi-daemon) failed to start with the exim error being: "user mail was not found" when dpkg tries to run exim4.config. The full apt-get error sequence is:
Setting up exim4-config (4.69-9+lenny1) ...
2010-12-31 15:50:29 Exim configuration error in line 642 of /var/lib/exim4/config.autogenerated.tmp:
user mail was not found
2010-12-31 15:50:29 Exim configuration error in line 642 of /var/lib/exim4/config.autogenerated.tmp:
user mail was not found
2010-12-31 15:50:29 Exim configuration error in line 642 of /var/lib/exim4/config.autogenerated.tmp:
user mail was not found
exim: could not open panic log - aborting: see message(s) above
Invalid new configfile /var/lib/exim4/config.autogenerated.tmp, not installing
/var/lib/exim4/config.autogenerated.tmp to /var/lib/exim4/config.autogenerated
dpkg: error processing exim4-config (--configure):
subprocess post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of exim4-base:
exim4-base depends on exim4-config (>= 4.30) | exim4-config-2; however:
Package exim4-config is not configured yet.
Package exim4-config-2 is not installed.
Package exim4-config which provides exim4-config-2 is not configured yet.
dpkg: error processing exim4-base (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of exim4-daemon-light:
exim4-daemon-light depends on exim4-base (>= 4.69); however:
Package exim4-base is not configured yet.
dpkg: error processing exim4-daemon-light (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of bsd-mailx:
bsd-mailx depends on exim4 | mail-transport-agent; however:
Package exim4 is not installed.
Package mail-transport-agent is not installed.
Package exim4-daemon-light which provides mail-transport-agent is not configured yet.
dpkg: error processing bsd-mailx (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of mailx:
mailx depends on bsd-mailx; however:
Package bsd-mailx is not configured yet.
dpkg: error processing mailx (--configure):
dependency problems - leaving unconfigured
Errors were encountered while processing:
exim4-config
exim4-base
exim4-daemon-light
bsd-mailx
mailx
E: Sub-process /usr/bin/dpkg returned an error code (1)
I've removed/purged exim and tried to reinstall, but get the same error. After hours reading various reports of this exim error, the only "solved" threads (from years ago) were regarding various file permission issues (at least one case regarding /etc/passwd). In my case, strace shows the following file access failures:
38733:610 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
38735:610 open("/etc/localtime", O_RDONLY) = -1 EACCES (Permission denied)
38742:610 <... open resumed> ) = -1 EACCES (Permission denied)
38750:610 <... open resumed> ) = -1 EACCES (Permission denied)
38764:610 <... open resumed> ) = -1 EACCES (Permission denied)
38767:610 connect(5, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 EACCES (Permission denied)
38769:610 open("/dev/console", O_WRONLY|O_NOCTTY) = -1 EACCES (Permission denied)
38771:610 open("/etc/localtime", O_RDONLY) = -1 EACCES (Permission denied)
38774:610 connect(5, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 EACCES (Permission denied)
38776:610 open("/dev/console", O_WRONLY|O_NOCTTY) = -1 EACCES (Permission denied)
38778:610 open("/etc/localtime", O_RDONLY) = -1 EACCES (Permission denied)
38781:610 connect(5, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 EACCES (Permission denied)
38783:610 open("/dev/console", O_WRONLY|O_NOCTTY) = -1 EACCES (Permission denied)
38785:610 open("/etc/localtime", O_RDONLY) = -1 EACCES (Permission denied)
38788:610 connect(5, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 EACCES (Permission denied)
38790:610 open("/dev/console", O_WRONLY|O_NOCTTY) = -1 EACCES (Permission denied)
38792:610 open("/etc/localtime", O_RDONLY) = -1 EACCES (Permission denied)
38795:610 connect(5, {sa_family=AF_FILE, path="/dev/log"...}, 110) = -1 EACCES (Permission denied)
38797:610 open("/dev/console", O_WRONLY|O_NOCTTY) = -1 EACCES (Permission denied)
"chmod 777 /etc/passwd" doesn't help.
Another fix was to modify line 642 of /var/lib/exim4/config.autogenerated.tmp from "user = mail" to "user = 8" (the "number" for the "mail" user?), but the thread rightly suggested that this wasn't advisable.
Anyone have any ideas about what's wrong with /etc/passwd and how to fix it?
Many thanks
rickbol
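
The strace output in the post shows EACCES on open("/etc/passwd") even after the file itself was made world-readable; open() also requires search permission on every directory in the path, so the following added example (not part of the original post) walks a path and reports the first component whose mode bits would stop an unprivileged user. The function names and the optional BASE argument are hypothetical, and the check looks only at the classic "other" mode bits, ignoring ownership, ACLs and MAC policy.

```shell
#!/bin/sh
# Added example (not from the original post). Checks only the classic "other"
# mode bits; ownership, group membership, ACLs and MAC policy are ignored.

# denies_other PATH: succeed when PATH's "other" bits lack search (x) on a
# directory, or read (r) on any other file type. Symlinks are followed.
denies_other() {
    mode=$(stat -L -c '%a' "$1") || return 1
    other=$((mode % 10))              # last octal digit = "other" bits
    if [ -d "$1" ]; then need=1; else need=4; fi
    [ $((other & need)) -eq 0 ]
}

# first_blocked_component PATH [BASE]
# Walk PATH from BASE (default /) and print the first component that an
# unrelated, unprivileged user could not traverse or read. Prints nothing
# when every component is open. BASE is a hypothetical convenience argument
# for checking a chroot or a restored backup mounted elsewhere.
first_blocked_component() {
    path=$1
    base=${2:-/}
    cur=${base%/}                     # "/" becomes the empty string
    rest=${path#"$cur"}
    rest=${rest#/}
    if denies_other "${cur:-/}"; then echo "${cur:-/}"; return 0; fi
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -n "$part" ] || continue
        cur="$cur/$part"
        [ -e "$cur" ] || { echo "$cur: missing" >&2; return 0; }
        if denies_other "$cur"; then echo "$cur"; return 0; fi
    done
    return 0
}

# Check every path given on the command line, e.g. /etc/passwd /etc/localtime
for p in "$@"; do
    first_blocked_component "$p"
done
```

Run it as root with the failing paths as arguments; a printed directory such as / or /etc means the file's own mode is not what is denying access.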