On Tue, Nov 11, 2025 at 11:52:03AM -0500, Michael Orlitzky wrote:
> The dkimpy-milter daemon is intended to start as root and drop
> privileges to a user/group specified in the config file. It does this
> AFTER creating a PID file, but for some reason it chowns the PID file
> (as root) to the user/group that it intends to drop privileges
> to. When you eventually stop the daemon, OpenRC trusts the PID in the
> file, and that allows the unprivileged user to e.g. reboot the machine
> by writing "1" in there.
>
> I mentioned this upstream, and launching as root was a design decision
> to support reading secret keys before dropping privileges, so the
> usual workaround of running PID-less in the foreground as the
> unprivileged user (a la systemd) is not feasible. But you should be
> able to patch out the problematic chown() calls and confirm that
> everything still works fine under our two init systems.

Thanks, will do although testing with systemd will be somewhat problematic. I'll also add you as a co-maintainer. Hope you'll stay but feel free to drop if it will be a problem.

--
Eray
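
Added example, not part of the original thread or of dkimpy-milter: a Python check for the condition described in the quoted report, a PID file that a root-run service manager reads but an unprivileged account can rewrite. The function name `pidfile_issues`, the `trusted_uids` parameter and the sample path in the usage comment are assumptions for illustration; only the file and its immediate parent directory are inspected.

```python
import os
import stat
import sys


def pidfile_issues(path, trusted_uids=frozenset({0})):
    """Return reasons why a root-run service manager should not trust `path`.

    trusted_uids: accounts allowed to control the file (root by default).
    Only the file and its immediate parent directory are checked.
    """
    issues = []
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted at `path`
    except FileNotFoundError:
        return ["missing"]

    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    if st.st_uid not in trusted_uids:
        issues.append(f"file owned by uid {st.st_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        issues.append("file is group/other writable")

    # Whoever controls the directory can replace the file outright.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_uid not in trusted_uids:
        issues.append(f"directory owned by uid {parent.st_uid}")
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        issues.append("directory is group/other writable")
    return issues


if __name__ == "__main__":
    # Usage (placeholder path): python3 check_pidfile.py /run/some-daemon.pid
    bad = False
    for p in sys.argv[1:]:
        found = pidfile_issues(p)
        bad = bad or bool(found)
        print(f"{p}: {'; '.join(found) if found else 'ok'}")
    sys.exit(1 if bad else 0)
```

Run against a daemon's PID file before and after patching out the chown() calls, the "file owned by uid" finding should disappear once the file stays root-owned.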
