Dan,
On debian/sarge I get:
gcc -DHAVE_CONFIG_H -I. -I. -I. -fomit-frame-pointer -Wall -O1 -g -W
-Wall -Wpointer-arith -Wstrict-prototypes -c server.c
server.c: In function `DropPrivledges':
server.c:164: warning: implicit declaration of function `setresuid'
server.c:165: warning: implicit declaration of function `setresgid'
AFAIK setresuid/setresgid are gnu extensions that are also available on
freebsd and hp-ux. Providing this on debian is of course no immediate
problem, even though we'd have to #define _GNU_SOURCE; For upstream,
however: a no go, it seems.
Wouldn't setuid/gid entail a more portable approach?
Still, a valid bug report that merits a solution.
Dan Weber wrote:
After all my different ways of patching it ugly and not. Here is my
final patch. This one seems most cleanly and seems just what was
needed. I added a function DropPrivledges to server.c which is called
from CreateSocket. So this forces the program, as soon as the socket
is created it drops permissions like it should be. I reccomend
submitting to CVS.
-- Dan Weber
------------------------------------------------------------------------
#! /bin/sh -e
## 07_drop_privledges.dpatch by <[EMAIL PROTECTED]>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
if [ $# -lt 1 ]; then
echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
exit 1
fi
[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
case "$1" in
-patch) patch -p1 ${patch_opts} < $0;;
-unpatch) patch -R -p1 ${patch_opts} < $0;;
*)
echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
exit 1;;
esac
exit 0
@DPATCH@
diff -urNad /usr/src/dbmail-2.0/server.c dbmail-2.0/server.c
--- /usr/src/dbmail-2.0/server.c 2004-05-11 21:03:36.000000000 -0400
+++ dbmail-2.0/server.c 2004-05-11 21:03:48.000000000 -0400
@@ -48,7 +48,7 @@
#include <arpa/inet.h>
#include <netdb.h>
#include <signal.h>
-
+#include <pwd.h>
int GeneralStopRequested = 0;
int Restart = 0;
@@ -154,6 +154,17 @@
}
}
+int DropPrivledges(serverConfig_t *conf)
+{
+ /* Dropping Permissions to effective user */
+ trace(TRACE_INFO, "Dropping root privledges");
+
+ struct passwd *user;
+ user = getpwnam(conf->serverUser);
+ setresuid(user->pw_uid,user->pw_uid,user->pw_uid);
+ setresgid(user->pw_gid,user->pw_gid,user->pw_gid);
+ return(0);
+}
int CreateSocket(serverConfig_t * conf)
{
@@ -217,7 +228,9 @@
trace(TRACE_INFO, "CreateSocket(): socket creation complete");
conf->listenSocket = sock;
-
+
+ DropPrivledges(conf);
return 0;
}
+
------------------------------------------------------------------------
_______________________________________________
Dbmail-dev mailing list
[email protected]
http://twister.fastxs.net/mailman/listinfo/dbmail-dev
--
________________________________________________________________
Paul Stevens mailto:[EMAIL PROTECTED]
NET FACILITIES GROUP PGP: finger [EMAIL PROTECTED]
The Netherlands________________________________http://www.nfg.nl
