Well, Dan's idea to move the drop_privileges call to server.c does deserve some attention. Currently privileges are dropped in the child process that itself forks off the client handlers. There remains a single process running as root. Could this pose a threat? AFAIK, this process is indeed in state listen, but there's no handler connected. Is this exploitable?

I've done some testing with moving drop_privileges to server.c, CreateSocket and the only thing I can come up with is that the daemon cannot bind the right sockets on receiving a SIGHUP due to lack of privileges.


Aaron Stone wrote:
Yes, but let's do it right and cleanly!

So if you look in misc.c, there's a function called drop_privileges which sets
the uid/gid to that of the unprivileged user specified in the dbmail.conf
file. It is called from lmtpd.c, as with all of the other daemons... is it not
doing the trick for you?

Aaron


Dan Weber <[EMAIL PROTECTED]> said:
[snip]

Sounds fair enough.  It is key we get the problem fixed immediately.

-- Dan Weber


--
_______________________________________________
Dbmail-dev mailing list
Dbmail-dev@dbmail.org
http://twister.fastxs.net/mailman/listinfo/dbmail-dev


--
  ________________________________________________________________
  Paul Stevens                                         [EMAIL PROTECTED]
  NET FACILITIES GROUP                     GPG/PGP: 1024D/11F8CD31
  The Netherlands_______________________________________www.nfg.nl
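
The trade-off discussed in this thread (bind while still root, then drop with no way back, which is why a rebind on SIGHUP fails afterwards), as an added example in C. It is not DBMail's drop_privileges from misc.c; the names drop_privileges_checked and demo_drop_in_child and the ID 65534 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE               /* for setgroups() on glibc */
#include <grp.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: permanently switch to uid/gid, 0 on success.
 * Sockets that need root to bind must already be open; after this
 * returns the process cannot rebind them (the SIGHUP problem). */
int drop_privileges_checked(uid_t uid, gid_t gid)
{
    /* Order matters: supplementary groups, then gid, then uid. Once
     * the uid is gone the process may no longer change its groups. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;

    /* Verify the result instead of trusting the return codes. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;

    /* If root can be regained, the drop was not permanent. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Run the drop in a forked child so the caller keeps its identity.
 * Assumption: 65534 is the unprivileged ID when started as root;
 * otherwise the child re-asserts the IDs it already has. */
int demo_drop_in_child(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int root = (geteuid() == 0);
        uid_t uid = root ? (uid_t)65534 : getuid();
        gid_t gid = root ? (gid_t)65534 : getgid();
        _exit(drop_privileges_checked(uid, gid) == 0 ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void) { return demo_drop_in_child() == 0 ? 0 : 1; }
```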
