Here is a newer patch to work with.  It doesn't work, but that's my
fault.  It has the general layout of how things need to be, though.  As
soon as you create a socket, privileges must be dropped.  I suggest
making a DropPrivileges function to do it for each of pop3, imap, and
lmtp.


-- Dan Weber
#! /bin/sh -e
## 07_drop_privledges.dpatch by  <[EMAIL PROTECTED]>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.

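# dpatch driver: applies or reverts the diff that follows the @DPATCH@
# marker by feeding this very file ($0) to patch(1).
#   $1  -patch | -unpatch   (required)
#   $2  optional target directory, passed to patch as "-d DIR"

# A mode argument is mandatory; report misuse on stderr.
if [ $# -lt 1 ]; then
    echo "$(basename "$0"): script expects -patch|-unpatch as argument" >&2
    exit 1
fi

# Optional per-package overrides; the default below only applies when the
# sourced file (if any) left patch_opts unset or empty.
[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
# patch_opts is expanded unquoted on purpose so it splits into separate
# options; as a consequence a $2 containing whitespace is not supported.
patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"

# "$0" is quoted so the script still finds itself when its path contains
# whitespace or glob characters.
case "$1" in
    -patch) patch -p1 ${patch_opts} < "$0";;
    -unpatch) patch -R -p1 ${patch_opts} < "$0";;
    *)
        echo "$(basename "$0"): script expects -patch|-unpatch as argument" >&2
        exit 1;;
esac

# Stop here so the shell never tries to execute the diff text below.
exit 0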

@DPATCH@
diff -urNad /usr/src/dbmail-2.0/server.c dbmail-2.0/server.c
--- /usr/src/dbmail-2.0/server.c        2004-05-11 18:32:03.000000000 -0400
+++ dbmail-2.0/server.c 2004-05-11 18:32:31.000000000 -0400
@@ -48,7 +48,7 @@
 #include <arpa/inet.h>
 #include <netdb.h>
 #include <signal.h>
-
+#include <pwd.h>
 
 int GeneralStopRequested = 0;
 int Restart = 0;
@@ -217,6 +217,18 @@
 
        trace(TRACE_INFO, "CreateSocket(): socket creation complete");
        conf->listenSocket = sock;
+       
+       /* Dropping Permissions to effective user */
+       trace(TRACE_INFO, "Dropping root privledges");
+
+       field_t val;
+       struct list *items;
+       GetConfigValue("EFFECTIVE_USER",items,val);
+
+       struct passwd *user;
+       user = getpwnam(val);
+       setresuid(user->pw_uid,user->pw_uid,user->pw_uid);
+       setresgid(user->pw_uid,user->pw_uid,user->pw_gid);
 
        return 0;
 }
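Review bot: The privilege drop added after `conf->listenSocket = sock;` can crash the daemon or leave it running with root's group identity: `setresuid()` runs before `setresgid()`, so the group change is attempted after root has already been given up, `setresgid()` is passed `pw_uid` for the real and effective gid, neither return value is checked, and the result of `getpwnam()` is dereferenced without a NULL check. Supplementary groups inherited from root are also never cleared. `items` is handed to `GetConfigValue()` uninitialised, which may be why the lookup does not work, but that function's contract is outside the hunk. The sketch below orders the calls group-first and fails closed; it needs `<grp.h>` for `setgroups()`, and the `-1` error return is an assumption because the start of the function is outside the hunk.

```c
	/* … unchanged: trace() call and EFFECTIVE_USER lookup into val … */
	struct passwd *user = getpwnam(val);
	if (user == NULL) {
		trace(TRACE_ERROR, "CreateSocket(): unknown user [%s]", val);
		return -1;
	}

	/* Groups first: once the uid is changed the process can no longer set gids. */
	if (setgroups(0, NULL) != 0 ||
	    setresgid(user->pw_gid, user->pw_gid, user->pw_gid) != 0 ||
	    setresuid(user->pw_uid, user->pw_uid, user->pw_uid) != 0) {
		trace(TRACE_ERROR, "CreateSocket(): could not drop privileges");
		return -1;
	}
```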
