Hi,

Paul J Stevens wrote:
Well, Dan's idea to move the drop_privileges call to server.c does deserve some attention. Currently privileges are dropped in the child process that itself forks off the client handlers. There remains a single process running as root. Could this pose a threat? Afaik, this process is indeed in state listen, but there's no handler connected. Is this exploitable?

I've just checked on a webserver:
the 'root' apache process also is in state LISTEN and runs as root. So I guess that's the way it's supposed to be. I presume Apache would be doing The Right Thing.

I've done some testing with moving drop_privileges to server.c, CreateSocket and the only thing I can come up with is that the daemon cannot bind the right sockets on receiving a SIGHUP due to lack of privileges.

I was thinking the same thing.




Aaron Stone wrote:

Yes, but let's do it right and cleanly!

So if you look in misc.c, there's a function called drop_privileges which sets
the uid/gid to that of the unprivileged user specified in the dbmail.conf
file. It is called from lmtpd.c, as with all of the other daemons... is it not
doing the trick for you?

Aaron


Dan Weber <[EMAIL PROTECTED]> said:
[snip]

Sounds fair enough. It is key we get the problem fixed immediately.

-- Dan Weber

