On Sun, May 23, 2010 at 12:44:14PM -0600, Jacek Masiulaniec wrote: > CVSROOT: /cvs > Module name: src > Changes by: [email protected] 2010/05/23 12:44:14 > > Modified files: > usr.sbin/smtpd : smtpd.c > > Log message: > When executing external mda, call dup2, closefrom, and chdir before > setresuid because after dropping superuser privileges the process > cannot be trusted to call these. > > Thanks to oga@, kettenis@, and nicm@ for confirming my paranoia. >
Theo pointed out this isn't necessarily true when using setresuid because it disallows ptracing if the uids were changed. So commit didn't fix a bug, but at least the code is clearer now.
