Dan Weber <[EMAIL PROTECTED]> said: > > On Thu, May 13, 2004 at 12:16:04AM -0000, Aaron Stone wrote: > > Yes, but let's do it right and cleanly! > > > > So if you look in misc.c, there's a function called drop_privileges which > > sets the uid/gid to that of the unprivileged user specified in the > > dbmail.conf file. It is called from lmtpd.c, as with all of the other > > daemons... is it not doing the trick for you? > > > > Aaron > > Didn't realize it was there. Just replace my function with it. > Replace the calls. Ill submit some doxygen makefile so I can see > everything on the same page. This way we can start documenting the > code better, and we can make sure we are doing things cleanly. Like > this would have never happened. :) > > -- Dan Weber >
To be honest, I haven't read your patch nor have I read the particular parts of DBMail in question in any detail... so it's entirely possible that you're seeing an unhandled corner case or a different angle that I'm not aware of at all. But there *should* be working code that does drop privileges using setuid/setgid. Does your patch call drop_privileges, or your equivalent, in a different situation than it is currently being called? I'll go back and check the patch unless you beat me to describing it ;-) Aaron --
