Jordi Mallach <[email protected]> ha escrit:
> Yes, but still, if a local admin decides to override that and use the
> suid bit, it'd be a lot better if maidag has the fix.
I see. The attached patch for maidag drops setuid privs for any mode
except mda.
Regards,
Sergey
diff --git a/maidag/maidag.c b/maidag/maidag.c
index b5f5504..832ba13 100644
--- a/maidag/maidag.c
+++ b/maidag/maidag.c
@@ -507,6 +507,21 @@ struct mu_cli_setup cli = {
0-9 - Set maidag debugging level\n")
};
�
+/* Drop setuid privileges. This function is called before delivering in
+ any mode, excepting MDA. The latter needs setuid to be able to assume
+ the recipient identity.
+ */
+static void
+drop_setuid (void)
+{
+ if (setuid (getuid ()))
+ {
+ maidag_error (_("cannot reset user privileges: %s"),
+ mu_strerror (errno));
+ exit (EX_UNAVAILABLE);
+ }
+}
+�
int
main (int argc, char *argv[])
{
@@ -561,10 +576,11 @@ main (int argc, char *argv[])
mu_stdstream_strerr_setup (mu_log_syslog ?
MU_STRERR_SYSLOG : MU_STRERR_STDERR);
}
-
+
switch (maidag_mode)
{
case mode_lmtp:
+ drop_setuid ();
if (argc)
{
mu_error (_("too many arguments"));
@@ -573,6 +589,7 @@ main (int argc, char *argv[])
return maidag_lmtp_server ();
case mode_url:
+ drop_setuid ();
/* FIXME: Verify if the urls are deliverable? */
delivery_fun = deliver_to_url;
break;
