Dan Weber wrote:
> BTW, I have been running dbmail with the drop_privledges() since you
> mentioned it. The preforked patched version of 2.0 here had no issue
> making new children at high peak times and have handling done
> appropriately.

Nice to hear my dynamic preforking is holding up for you :-)

You are correct in assuming that your approach will work with forking, running,
and waiting for children. The case I was referring to, however, was when you send
a SIGHUP to dbmail. This will, among other things, close and reopen all sockets.
This will, as Aaron and I have stated, *not* work when the parent daemon has
dropped privileges.

So either run a single isolated parent as root, and be able to gracefully
restart by sending SIGHUPs, or run in a fully dropped privileges mode and do
cold restarts whenever the config needs to be reread.

I'm not sure the graceful restart is currently working as gracefully as could
be, but the idea to implement a graceful restart still holds merit in my book.

I'm not saying you don't have a point, though. Some healthy paranoia will serve
us well. There may indeed exist some exploitable hole in the current approach.
But the current setup is not evil by design, nor easily exploitable. And it is
in line with best practices in some of the most ubiquitous OSS projects around.

--
________________________________________________________________
Paul Stevens [EMAIL PROTECTED]
NET FACILITIES GROUP GPG/PGP: 1024D/11F8CD31
The Netherlands_______________________________________www.nfg.nl