Index: MANIFEST
===================================================================
--- MANIFEST	(revision 558745)
+++ MANIFEST	(working copy)
@@ -502,3 +502,5 @@
 t/spamc_H.t
 t/spamc_x_E_R.t
 t/spamc_x_e.t
+t/root_spamd_u.t
+t/root_spamd_u_dcc.t
Index: lib/Mail/SpamAssassin/Util.pm
===================================================================
--- lib/Mail/SpamAssassin/Util.pm	(revision 558745)
+++ lib/Mail/SpamAssassin/Util.pm	(working copy)
@@ -1336,6 +1336,7 @@
     # bug 3586: kludges needed to work around platform dependent behavior assigning to $<
     #  The POSIX functions deal with that so just use it here
     POSIX::setuid($touid);
+    $< = $touid; $> = $touid;       # bug 5574
 
     # Check that we have now accomplished the setuid: catch bug 3586 if it comes back
     if ($< != $touid) {
Index: t/root_spamd_u_dcc.t
===================================================================
--- t/root_spamd_u_dcc.t	(revision 0)
+++ t/root_spamd_u_dcc.t	(revision 0)
@@ -0,0 +1,65 @@
+#!/usr/bin/perl
+#
+# test for http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5574#c12 .
+# run with:   sudo prove -v t/root_spamd*
+
+use lib '.'; use lib 't';
+use SATest; sa_t_init("root_spamd_u_dcc");
+use Test;
+
+use constant TEST_ENABLED => conf_bool('run_root_tests');
+use constant DCC_TEST_ENABLED => conf_bool('run_dcc_tests');
+use constant IS_ROOT => eval { ($> == 0); };
+use constant RUN_TESTS => (TEST_ENABLED && DCC_TEST_ENABLED && IS_ROOT);
+
+BEGIN { plan tests => (RUN_TESTS ? 23 : 0) };
+exit unless RUN_TESTS;
+
+# ---------------------------------------------------------------------------
+
+%patterns = (
+        q{ spam reported to DCC }, 'dcc report',
+            );
+
+tstpre ("
+
+  loadplugin Mail::SpamAssassin::Plugin::DCC
+  dcc_timeout 30
+
+");
+
+ok sarun ("-t -D info -r < data/spam/gtubedcc.eml 2>&1", \&patterns_run_cb);
+# ok_all_patterns();
+
+# ---------------------------------------------------------------------------
+
+%patterns = (
+
+q{ X-Spam-Status: Yes, score=}, 'status',
+q{ X-Spam-Flag: YES}, 'flag',
+q{ X-Spam-Level: **********}, 'stars',
+
+);
+
+# run spamc as unpriv uid
+$spamc = "sudo -u nobody $spamc";
+
+$SIG{ALRM} = sub { stop_spamd(); die "timed out"; };
+alarm 60;
+ok(start_spamd("-c -H -m1"));
+alarm 0;
+
+# run a few times to ensure that the child can process more than
+# one message successfully. do not bother looking for the dcc
+# result; we just want to ensure that the check did not cause
+# the spamd kids to get hung
+for my $try (1 .. 5) {
+  $SIG{ALRM} = sub { stop_spamd(); die "timed out"; };
+  alarm 30;
+  ok(spamcrun("< data/spam/gtubedcc.eml", \&patterns_run_cb));
+  alarm 0;
+  ok_all_patterns();
+}
+
+ok(stop_spamd());
+

Property changes on: t/root_spamd_u_dcc.t
___________________________________________________________________
Name: svn:executable
   + *

Index: t/root_spamd_u.t
===================================================================
--- t/root_spamd_u.t	(revision 0)
+++ t/root_spamd_u.t	(revision 0)
@@ -0,0 +1,48 @@
+#!/usr/bin/perl
+
+# run with:   sudo prove -v t/root_spamd*
+
+use lib '.'; use lib 't';
+use SATest; sa_t_init("root_spamd_u");
+use Test;
+
+use constant TEST_ENABLED => conf_bool('run_root_tests');
+use constant IS_ROOT => eval { ($> == 0); };
+use constant RUN_TESTS => (TEST_ENABLED && IS_ROOT);
+
+BEGIN { plan tests => (RUN_TESTS ? 14 : 0) };
+exit unless RUN_TESTS;
+
+# ---------------------------------------------------------------------------
+
+%patterns = (
+
+q{ Return-Path: sb55sb55@yahoo.com}, 'firstline',
+q{ Subject: There yours for FREE!}, 'subj',
+q{ X-Spam-Status: Yes, score=}, 'status',
+q{ X-Spam-Flag: YES}, 'flag',
+q{ X-Spam-Level: **********}, 'stars',
+q{ TEST_ENDSNUMS}, 'endsinnums',
+q{ TEST_NOREALNAME}, 'noreal',
+q{ This must be the very last line}, 'lastline',
+
+);
+
+# run spamc as unpriv uid
+$spamc = "sudo -u nobody $spamc";
+
+ok(start_spamd("-L -u nobody"));
+
+ok(spamcrun("< data/spam/001", \&patterns_run_cb));
+ok_all_patterns();
+
+%patterns = (
+q{ X-Spam-Status: Yes, score=}, 'status',
+q{ X-Spam-Flag: YES}, 'flag',
+             );
+
+
+ok (spamcrun("< data/spam/018", \&patterns_run_cb));
+ok_all_patterns();
+
+ok(stop_spamd());

Property changes on: t/root_spamd_u.t
___________________________________________________________________
Name: svn:executable
   + *

Index: spamd/spamd.raw
===================================================================
--- spamd/spamd.raw	(revision 558745)
+++ spamd/spamd.raw	(working copy)
@@ -1024,10 +1024,11 @@
       # use the POSIX functions to hide the platform specific workarounds 
       POSIX::setgid($ugid);  # set effective and real gid
       POSIX::setuid($uuid);  # set effective and real UID
+      $< = $uuid; $> = $uuid;   # bug 5574
 
       # keep the sanity check to catch problems like bug 3900 just in case
       if ( $> != $uuid and $> != ( $uuid - 2**32 ) ) {
-        die "spamd: setuid to uid $uuid failed\n";
+        die "spamd: setuid to uid $uuid failed (> = $>, < = $<)\n";
       }
     }