Hi!

FYI: I've noticed spamd & spamlogd open their high ports as root.
These pf rules work; changing to 'user _spamd' doesn't:

pass in on $ext_if inet proto udp \
	from $ext_if:network port > 1023 \
	to $ext_if:0 port spamd-sync \
	user root

pass out on $ext_if inet proto udp \
	from $ext_if:0 port > 1023 \
	to $ext_if:network port spamd-sync \
	user root

$ fstat -u _spamd | fgrep internet
_spamd   spamlogd   2861    4* internet dgram udp *:12412
_spamd   spamd      1408    3* internet stream tcp 0x0 *:8025
_spamd   spamd      1408    4* internet stream tcp 0x0 127.0.0.1:8026
_spamd   spamd      1408    5* internet dgram udp 78.33.153.147:8025
_spamd   spamd     11154    3* internet stream tcp 0x0 *:8025
_spamd   spamd     11154    4* internet stream tcp 0x0 127.0.0.1:8026
_spamd   spamd     11154    5* internet dgram udp 78.33.153.147:8025
_spamd   spamd     11452    3* internet stream tcp 0x0 *:8025
_spamd   spamd     11452    4* internet stream tcp 0x0 127.0.0.1:8026
_spamd   spamd     11452    5* internet dgram udp 78.33.153.147:8025

This box syslogs:

Dec 18 15:13:25 palm spamd[1408]: new WHITE from 78.33.153.148 for 208.70.245.125, expires 1453562006

The WHITE would be from spamlogd sending to UDP 8025 as root,
since the pf rules above for that port require root to function.
The source files show all the sockets are opened before priv drop.
As the ports are above 1023, is this necessary? - I'm not a C coder...
The more recent commit logs & source don't seem to have changed in this
regard from:

$ head -n 5 /var/run/dmesg.boot
OpenBSD 5.7 (GENERIC) #738: Sun Mar 8 10:59:31 MDT 2015
[email protected]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 349 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PSE36,MMX,FXSR,PERF
real mem = 267849728 (255MB)
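
Added example, not part of the original message and not spamd's code: pf.conf(5) notes that user and group IDs are stored when a socket is created, so a socket opened before the privilege drop keeps matching "user root" even though fstat lists the process under _spamd. The sketch below shows the other ordering, dropping privileges first and then binding a UDP port above 1023, which needs no root. The account name "nobody", port 18025 and the helper names drop_privs() and open_udp() are assumptions for illustration.

```c
#define _GNU_SOURCE		/* setresuid()/setresgid() prototypes on Linux */
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Permanently switch to account `name`. Returns 0 on success or when the
 * process is already unprivileged, -1 on failure. */
int drop_privs(const char *name)
{
	struct passwd *pw;

	if (geteuid() != 0)
		return 0;
	if ((pw = getpwnam(name)) == NULL ||
	    setgroups(1, &pw->pw_gid) == -1 ||
	    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1 ||
	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)
		return -1;
	return setuid(0) == -1 ? 0 : -1;	/* regaining root must fail */
}

/* Create and bind a UDP socket; returns the fd or -1. The credentials pf
 * compares against "user" are those in effect at the socket() call here. */
int open_udp(const char *addr, unsigned short port)
{
	struct sockaddr_in sin = { 0 };
	int s;

	sin.sin_family = AF_INET;
	sin.sin_port = htons(port);
	if (inet_pton(AF_INET, addr, &sin.sin_addr) != 1 ||
	    (s = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
		return -1;
	if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) == -1) {
		close(s);
		return -1;
	}
	return s;
}

int main(void)
{
	/* "nobody" and port 18025 are assumed values for illustration. */
	int s = drop_privs("nobody") == 0 ? open_udp("0.0.0.0", 18025) : -1;

	printf("euid %d: %s\n", (int)geteuid(), s == -1 ? "failed" : "bound UDP 18025");
	return s == -1;
}
```

With this ordering the socket is created under the unprivileged uid, so a pf rule written with that user name, rather than "user root", is the one that matches its traffic.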