On Tue, May 17, 2005 at 03:50:38PM +0000, Erich Titl said:
> Stephen Gran wrote:
> >On Tue, May 17, 2005 at 02:56:14PM +0000, Erich Titl said:
> >>might lead to problems with logging _before_ dropping privileges
> >
> >What, in particular, are you thinking of?  If the first thing clamd does
> >is drop privileges, there is no logging before dropping privileges.
> >If the milter tries to log before dropping privileges (say), it will be
> >running as root and can write to the logfile.  Or am I missing
> >something?
> >
> You could not log problems while dropping privileges, well basically it 
> might go to the (unwatched) console
> 
>    /* drop privileges */
> #ifndef C_OS2
>    if(geteuid() == 0 && (cpt = cfgopt(copt, "User"))) {
>        if((user = getpwnam(cpt->strarg)) == NULL) {
>            fprintf(stderr, "ERROR: Can't get information about user %s.\n", cpt->strarg);
>            logg("!Can't get information about user %s.\n", cpt->strarg);
>            exit(1);
>        }

No, the logg() function creates the file if it does not exist.  So, if
the getpwnam fails, the logg() call will still work.  This one logg()
call (well, and the one following this, if it fails) will still create
a root owned log file, but that is basically OK in this scenario, as
the local admin has clearly already goofed the install.
-- 
 --------------------------------------------------------------------------
|  Stephen Gran                  | If you do not think about the future,   |
|  [EMAIL PROTECTED]             | you cannot have one.   -- John          |
|  http://www.lobefin.net/~steve | Galsworthy                              |
 --------------------------------------------------------------------------
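
The ordering question in this thread, as an added example that is not ClamAV code and not part of either poster's message: a failed user lookup is reported on stderr only, and the log file is created and handed to the service account before root is dropped, so no root-owned log is left behind. The function names, the 0640 mode, and the default user and path are assumptions made for illustration.

```c
#define _GNU_SOURCE            /* setgroups() declaration on glibc */
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open (create if missing) the log; when root, hand it to the service
 * account so it stays writable after the privilege drop. */
int open_log_owned_by(const char *path, uid_t uid, gid_t gid)
{
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0640);
    if (fd < 0) return -1;
    if (geteuid() == 0 && fchown(fd, uid, gid) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Returns 0 on success (or when not root), -1 if any step fails. */
int drop_privileges(const struct passwd *pw)
{
    if (geteuid() != 0) return 0;
    /* Order matters: supplementary groups, then gid, then uid. */
    if (setgroups(1, &pw->pw_gid) != 0 || setgid(pw->pw_gid) != 0 ||
        setuid(pw->pw_uid) != 0)
        return -1;
    /* The drop must be irreversible. */
    return (pw->pw_uid != 0 && setuid(0) == 0) ? -1 : 0;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "nobody";                  /* assumed */
    const char *path = argc > 2 ? argv[2] : "/tmp/example-daemon.log"; /* assumed */
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) {   /* report on stderr only: no root-owned log is created */
        fprintf(stderr, "ERROR: Can't get information about user %s.\n", user);
        return 1;
    }
    int fd = open_log_owned_by(path, pw->pw_uid, pw->pw_gid);
    if (fd < 0 || drop_privileges(pw) != 0) {
        perror("startup");
        return 1;
    }
    dprintf(fd, "running as uid %ld\n", (long)getuid());
    return close(fd);
}
```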
