> No one who knew what they were doing would want to run it as root.

It's not my business to assume that I know better than they.  If they  
have the ability to run something as root, then they should be able  
to do so.  People who don't know what they are doing shouldn't use  
root at all.

> It's a fundamental principle of Linux security that processes run  
> with the
> minimum privilege level necessary to do their job, hence my earlier
> question whether it needed to be root.

Another Linux fundamental is that the user has control over what  
happens.  I believe the user should decide 'who' runs sb_server, not  
the script itself (i.e. the developers).  If running sb_server.py  
actually required running as root, then I agree that would be a  
problem.  It does not, however.

>> What do we do on Windows?
>
> The code can check the platform and skip forking. Indeed,
>
> try:
>       import posix
>       #Go for it
> except ImportError:
>       pass
>
> ought to be enough, since where posix is present (even on Macs), the
> rest will work.

But this means that sb_server starts behaving differently on  
different platforms.  I'm -1 on anything that does that.  What's  
wrong with having a separate script that does what you want (like the  
Windows ones), leaving sb_server properly cross-platform[1]?

[This is also not a good way to test, since posix is not meant to be  
imported directly.  Checking hasattr(os, "fork") would be much better.]

>> Not everyone wants sb_server to run as a daemon.
>
> Perhaps not, but that could also be addressed with a command-line
> option.

I don't see the advantage of adding a command-line option (or  
several) over simply having a separate script.  If I run sb_server.py  
in a console (which is the main way I run it), I do not want it to  
run as a daemon, and I don't want to have to specify an additional  
command-line option just to help people who aren't using sb_server  
properly.

> And if it's being started as root, then one will presumably be
> running it as a daemon. That too can be checked with os.getuid().

Explicit is better than implicit.  Magically changing what happens  
depending on what user is running the script is not explicit.

> In the meantime, I'll send a more secure initscript in the next  
> couple days.

Note that the best place to put it is on sourceforge  
(http://sf.net/projects/spambayes) as things are easily lost on the  
mailing lists.

=Tony.Meyer

[1] There is the open_platform_mutex code in sb_server.  However,  
while there is only a Windows version there at the moment, adding  
versions for other platforms, if they were wanted, would be simple.
_______________________________________________
spambayes-dev mailing list
spambayes-dev@python.org
http://mail.python.org/mailman/listinfo/spambayes-dev
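The thread above argues two points that are easy to get wrong in a server start-up script: test for the capability you actually need (hasattr(os, "fork")) rather than importing the posix module, and let an explicit command-line option decide whether the process daemonizes instead of inferring it from os.getuid(). The block below is an added illustration written for this page; it is not code from sb_server or the SpamBayes project. The wrapper name, the --daemon and --pidfile options and the plan_startup helper are assumptions made for the example.

```python
"""Explicit, capability-checked daemon start-up (illustrative, not SpamBayes code)."""
import argparse
import os
import sys


def fork_supported(os_module=os):
    # Capability check: os.fork only exists on platforms that can fork.
    # This is what the thread recommends over `import posix`.
    return hasattr(os_module, "fork")


def posix_importable():
    # The approach the thread argues against: posix is an implementation
    # detail of os and is not meant to be imported directly.
    try:
        import posix  # noqa: F401  (only here to show the contrast)
    except ImportError:
        return False
    return True


def plan_startup(argv, fork_available=None):
    """Decide how to start, from explicit options only.

    Returns (mode, reason) where mode is "foreground" or "daemon".
    The caller's uid is deliberately never consulted: running as root
    is the user's decision and must not silently change behaviour.
    """
    parser = argparse.ArgumentParser(prog="sb_daemon_wrapper")  # hypothetical name
    parser.add_argument("--daemon", action="store_true",
                        help="detach from the console (explicit opt-in)")
    parser.add_argument("--pidfile", default=None,
                        help="where to record the daemon's pid")
    args = parser.parse_args(argv)

    if fork_available is None:
        fork_available = fork_supported()

    if not args.daemon:
        # Default: same behaviour on every platform, stay in the console.
        return "foreground", "no --daemon option given"
    if not fork_available:
        # Fail loudly instead of quietly doing something different on Windows.
        raise RuntimeError("--daemon requested but os.fork() is not available here")
    return "daemon", "explicit --daemon option"


def daemonize(pidfile=None):
    """Classic double fork; only ever reached after plan_startup said 'daemon'."""
    if os.fork() > 0:            # first child continues, parent exits
        os._exit(0)
    os.setsid()                  # new session, no controlling terminal
    if os.fork() > 0:            # second fork: can never reacquire a tty
        os._exit(0)
    os.chdir("/")
    os.umask(0o027)              # don't create world-readable files by accident
    sys.stdout.flush()
    sys.stderr.flush()
    devnull = os.open(os.devnull, os.O_RDWR)
    for fd in (0, 1, 2):
        os.dup2(devnull, fd)
    if pidfile:
        with open(pidfile, "w") as fh:
            fh.write("%d\n" % os.getpid())


if __name__ == "__main__":
    mode, reason = plan_startup(sys.argv[1:])
    if mode == "daemon":
        daemonize()
    # ... start the real server here (omitted) ...
```

Running the script with no options keeps it in the console on every platform; only `--daemon` detaches it, and asking for that where fork is unavailable is an error rather than a silent no-op. That is the "explicit is better than implicit" behaviour the message argues for.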
