Your message dated Tue, 23 Aug 2005 15:02:04 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#322582: fixed in whitelister 0.5-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 11 Aug 2005 15:17:29 +0000
>From [EMAIL PROTECTED] Thu Aug 11 08:17:29 2005
Return-path: <[EMAIL PROTECTED]>
Received: from obitoo.bu.net.au (smtp.bu.net.au) [202.6.38.5] 
        by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
        id 1E3EoD-0000w3-00; Thu, 11 Aug 2005 08:17:29 -0700
Received: from localhost (obitoo [127.0.0.1])
        by smtp.bu.net.au (Postfix) with ESMTP id CCB2F2F010A;
        Fri, 12 Aug 2005 01:17:24 +1000 (EST)
Received: from smtp.bu.net.au ([127.0.0.1])
        by localhost (obitoo [127.0.0.1]) (amavisd-new, port 10024) with LMTP
        id 23770-06; Fri, 12 Aug 2005 01:17:24 +1000 (EST)
Received: from keitarou (unknown [202.6.39.226])
        by smtp.bu.net.au (Postfix) with ESMTP id 7426C2F0107;
        Fri, 12 Aug 2005 01:17:23 +1000 (EST)
Received: from localhost (keitarou [127.0.0.1])
        by keitarou (Postfix) with ESMTP id 7633725ED1D;
        Fri, 12 Aug 2005 01:17:22 +1000 (EST)
Received: from keitarou ([127.0.0.1])
        by localhost (keitarou [127.0.0.1]) (amavisd-new, port 10024)
        with LMTP id 20967-05; Fri, 12 Aug 2005 01:17:21 +1000 (EST)
Received: by keitarou (Postfix, from userid 1000)
        id 3608225F38E; Fri, 12 Aug 2005 01:17:21 +1000 (EST)
Date: Fri, 12 Aug 2005 01:17:20 +1000
From: Paul TBBle Hampson <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: whitelister: Is it possible to drop privs _after_ establishing the 
socket, at least for unix sockets
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="qMm9M+Fa2AknHoGS"
Content-Disposition: inline
X-Reportbug-Version: 3.15
User-Agent: mutt-ng/devel-20050728 (Debian)
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at 
queanbeyan.bubblesworth.net
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at bu.net.au
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02


--qMm9M+Fa2AknHoGS
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: whitelister
Severity: wishlist
Version: 0.4-3

Just a suggestion: Currently, to use unix sockets, the changed-to uid must =
be
modified and a directory established owned by that user, or the daemon is s=
et
to run as root.

If privileges were dropped _after_ the unix socket was established, then the
socket could be bound successfully and the daemon would still end up as
'nobody'.

Currently the socket will be _unlinked_ before privileges are dropped, and =
the
=2Epid file created. So it's only the actual socket creation that's an issu=
e.

I can see that binding to an INET socket might not be desirable behaviour as
root, so maybe this behaviour could differ by socket type?

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (990, 'unstable'), (950, 'unstable'), (900, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12
Locale: LANG=3Den_AU.UTF-8, LC_CTYPE=3Den_AU.UTF-8 (charmap=3DUTF-8)

--=20
Paul "TBBle" Hampson, [EMAIL PROTECTED]
8th year CompSci/Asian Studies student, ANU

Shorter .sig for a more eco-friendly paperless office.

--qMm9M+Fa2AknHoGS
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD4DBQFC+2wAexDuohKLFuARArVhAJ9MKfvgcfCGZvOCQ+BnoannG+IwtQCY3qBH
2kQb3kVEjhM05+TJSV7T3g==
=CS67
-----END PGP SIGNATURE-----

--qMm9M+Fa2AknHoGS--

---------------------------------------
Received: (at 322582-close) by bugs.debian.org; 23 Aug 2005 22:09:41 +0000
>From [EMAIL PROTECTED] Tue Aug 23 15:09:41 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
        id 1E7gqK-00032I-00; Tue, 23 Aug 2005 15:02:04 -0700
From: Pierre Habouzit <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#322582: fixed in whitelister 0.5-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 23 Aug 2005 15:02:04 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02

Source: whitelister
Source-Version: 0.5-1

We believe that the bug you reported is fixed in the latest version of
whitelister, which is due to be installed in the Debian FTP archive:

whitelister_0.5-1.diff.gz
  to pool/main/w/whitelister/whitelister_0.5-1.diff.gz
whitelister_0.5-1.dsc
  to pool/main/w/whitelister/whitelister_0.5-1.dsc
whitelister_0.5-1_i386.deb
  to pool/main/w/whitelister/whitelister_0.5-1_i386.deb
whitelister_0.5.orig.tar.gz
  to pool/main/w/whitelister/whitelister_0.5.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pierre Habouzit <[EMAIL PROTECTED]> (supplier of updated whitelister package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 23 Aug 2005 21:44:16 +0200
Source: whitelister
Binary: whitelister
Architecture: source i386
Version: 0.5-1
Distribution: unstable
Urgency: low
Maintainer: Pierre Habouzit <[EMAIL PROTECTED]>
Changed-By: Pierre Habouzit <[EMAIL PROTECTED]>
Description: 
 whitelister - a Postfix Whitelister daemon
Closes: 322582
Changes: 
 whitelister (0.5-1) unstable; urgency=low
 .
   * New upstream release.
   * Server loop has been rewritten, so that privileges drop comme after socket
     bind/listen (closes: #322582).
   * Some improvements in the init script.
Files: 
 b1336411d6b60ac1b50b455c4e63eeda 701 mail optional whitelister_0.5-1.dsc
 dbc4789600a88b3f4063c406b7e84a61 14313 mail optional 
whitelister_0.5.orig.tar.gz
 3582f9eb6722fd650226e16f063e5c69 2588 mail optional whitelister_0.5-1.diff.gz
 54fc0c9c9116b59ffb0d064c1a788673 102330 mail optional 
whitelister_0.5-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDC5u1vGr7W6HudhwRAiLPAJsHqtiEl54/qMytJMZl63eTWwB8pQCfZ6Zg
U+aSOG0prjlF1RlyXvYkIjg=
=9IhX
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to