Tony Meyer wrote:

> [Richard Heck]
>
>> the suggestion was that sb_server.py should handle these things 
>> itself (as most system daemons do), that is, lower its own 
>> privileges if it discovers that it is running as root
>
> I'm -1 on this, personally.  IMO it's up to whoever runs sb_server.py 
> (or any of the other SpamBayes scripts) to decide what user should 
> run it.  What if a user wants to run it as root?

No one who knew what they were doing would want to run it as root. It's
a fundamental principle of Linux security that processes run with the
minimum privilege level necessary to do their job, hence my earlier
question whether it needed to be root. If someone wants to violate that
principle, well, that is very silly. But if one wanted to allow it, then
a command-line option would do so.

There is the issue about ports below 1024, but that may not be terribly
hard to address, at least in an indirect kind of way.

> What do we do on Windows? 

The code can check the platform and skip forking. Indeed,

try:
        import posix
        #Go for it
except ImportError:
        pass

ought to be enough, since where posix is present (even on Macs), the
rest will work.

>> and then daemonize itself by forking and dissociating itself from 
>> the originating process.
>
> It sounds like what you actually want is a sb_daemon.py script that 
> lowers privileges and launches sb_server.py (something like the
> pop3proxy_tray.py and pop3proxy_service.py scripts for Windows). Not
> everyone wants sb_server to run as a daemon.

Perhaps not, but that could also be addressed with a command-line
option. And if it's being started as root, then one will presumably be
running it as a daemon. That too can be checked with os.getuid().

When I get a little time (a free afternoon, say), I'll have a more
serious look at this issue and let you know what happens. In the
meantime, I'll send a more secure initscript in the next couple days.

Richard
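
An added example, not part of the original message or of the SpamBayes code: one way a server script could lower its own privileges when os.getuid() shows it was started as root. The function name, the injectable `osmod`/`getpwnam` parameters and the exception class are assumptions made for this sketch.

```python
import os


class PrivilegeError(RuntimeError):
    """Raised when privileges cannot be dropped safely."""


def drop_privileges(username, osmod=os, getpwnam=None):
    """Permanently switch from root to `username`.

    Returns the uid the process runs as afterwards, or None on platforms
    without uids (e.g. Windows). `osmod` and `getpwnam` are injectable
    (hypothetical parameters of this example) so the call order can be
    checked without being root. Call this after binding any port < 1024.
    """
    if not hasattr(osmod, "getuid"):
        return None                      # non-POSIX platform: nothing to drop
    if osmod.getuid() != 0:
        return osmod.getuid()            # already unprivileged
    if getpwnam is None:
        import pwd                       # POSIX-only module, imported lazily
        getpwnam = pwd.getpwnam
    entry = getpwnam(username)
    if entry.pw_uid == 0:
        raise PrivilegeError("refusing to 'drop' to a uid-0 account")
    # Order matters: supplementary groups and the gid can only be changed
    # while still root, so setuid() must come last.
    osmod.initgroups(entry.pw_name, entry.pw_gid)
    osmod.setgid(entry.pw_gid)
    osmod.setuid(entry.pw_uid)
    # Verify the drop is irreversible: regaining root must fail.
    try:
        osmod.setuid(0)
    except OSError:
        pass
    else:
        raise PrivilegeError("root could be regained after setuid()")
    if osmod.getuid() != entry.pw_uid or osmod.getgid() != entry.pw_gid:
        raise PrivilegeError("uid/gid not as requested after drop")
    osmod.umask(0o077)                   # new files private to the service user
    return entry.pw_uid
```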

_______________________________________________
spambayes-dev mailing list
http://mail.python.org/mailman/listinfo/spambayes-dev