Just a little nitpicking, but "privileges" does not have a "d" in it...
Looks like a good patch to solve this problem, just so long as it will be
cross platform friendly!
Aaron
Paul J Stevens <[EMAIL PROTECTED]> said:
>
> Dan,
>
> On debian/sarge I get:
>
> gcc -DHAVE_CONFIG_H -I. -I. -I. -fomit-frame-pointer -Wall -O1 -g -W
> -Wall -Wpointer-arith -Wstrict-prototypes -c server.c
> server.c: In function `DropPrivledges':
> server.c:164: warning: implicit declaration of function `setresuid'
> server.c:165: warning: implicit declaration of function `setresgid'
>
> AFAIK setresuid/setresgid are GNU extensions that are also available on
> FreeBSD and HP-UX. Providing this on Debian is of course no immediate
> problem, even though we'd have to #define _GNU_SOURCE. For upstream,
> however: a no go, it seems.
>
> Wouldn't setuid/gid entail a more portable approach?
>
> Still, a valid bug report that merits a solution.
>
>
> Dan Weber wrote:
> > After all my different ways of patching it, ugly and not, here is my
> > final patch. This one seems cleanest and seems to be just what was
> > needed. I added a function DropPrivledges to server.c which is called
> > from CreateSocket. So this forces the program to drop permissions as
> > soon as the socket is created, like it should. I recommend
> > submitting to CVS.
> >
> > -- Dan Weber
> >
> >
> > ------------------------------------------------------------------------
> >
> > #! /bin/sh -e
> > ## 07_drop_privledges.dpatch by <[EMAIL PROTECTED]>
> > ##
> > ## All lines beginning with `## DP:' are a description of the patch.
> > ## DP: No description.
> >
> > if [ $# -lt 1 ]; then
> > echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
> > exit 1
> > fi
> >
> > [ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
> > patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
> >
> > case "$1" in
> > -patch) patch -p1 ${patch_opts} < $0;;
> > -unpatch) patch -R -p1 ${patch_opts} < $0;;
> > *)
> > echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
> > exit 1;;
> > esac
> >
> > exit 0
> >
> > @DPATCH@
> > diff -urNad /usr/src/dbmail-2.0/server.c dbmail-2.0/server.c
> > --- /usr/src/dbmail-2.0/server.c 2004-05-11 21:03:36.000000000 -0400
> > +++ dbmail-2.0/server.c 2004-05-11 21:03:48.000000000 -0400
> > @@ -48,7 +48,7 @@
> > #include <arpa/inet.h>
> > #include <netdb.h>
> > #include <signal.h>
> > -
> > +#include <pwd.h>
> >
> > int GeneralStopRequested = 0;
> > int Restart = 0;
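Review bot: the include added in this hunk covers getpwnam() only; nothing here declares setresuid()/setresgid(), which matches the implicit-declaration warnings at server.c:164-165 in the build output quoted above. If those calls stay, _GNU_SOURCE has to be defined before the first #include in server.c; switching to setgid()/setuid() avoids the feature macro altogether.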
> > @@ -154,6 +154,17 @@
> > }
> > }
> >
> > +int DropPrivledges(serverConfig_t *conf)
> > +{
> > + /* Dropping Permissions to effective user */
> > + trace(TRACE_INFO, "Dropping root privledges");
> > +
> > + struct passwd *user;
> > + user = getpwnam(conf->serverUser);
> > + setresuid(user->pw_uid,user->pw_uid,user->pw_uid);
> > + setresgid(user->pw_gid,user->pw_gid,user->pw_gid);
> > + return(0);
> > +}
> >
> > int CreateSocket(serverConfig_t * conf)
> > {
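Review bot: getpwnam() returns NULL when conf->serverUser is not a known account, and the next line dereferences user->pw_uid without a check, so a misconfigured user name crashes the server at the point where it still holds its startup privileges. Check for NULL and return an error instead. The return values of setresuid() and setresgid() are also ignored while the function always returns 0, and the uid is changed before the gid, so setresgid() runs after the privilege needed to change groups is already gone and can fail unnoticed. Set the gid first, clear supplementary groups with setgroups() before that, and check every call. The declaration of user after the trace() statement additionally requires C99.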
> > @@ -217,7 +228,9 @@
> >
> > trace(TRACE_INFO, "CreateSocket(): socket creation complete");
> > conf->listenSocket = sock;
> > -
> > +
> > + DropPrivledges(conf);
> > return 0;
> > }
> >
> > +
> >
> >
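Review bot: the return value of DropPrivledges(conf) is discarded and CreateSocket() returns 0 regardless, so the server carries on with its original identity if the drop did not happen. Once DropPrivledges() reports failures, test it here with `if (DropPrivledges(conf) != 0)` and return an error from CreateSocket(). The lone `+` line at the end of the hunk only adds a trailing blank line and can be dropped.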
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Dbmail-dev mailing list
> > [email protected]
> > http://twister.fastxs.net/mailman/listinfo/dbmail-dev
>
> --
> ________________________________________________________________
> Paul Stevens mailto:[EMAIL PROTECTED]
> NET FACILITIES GROUP PGP: finger [EMAIL PROTECTED]
> The Netherlands________________________________http://www.nfg.nl
--
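The setuid/setgid approach raised in the quoted reply, written out as an added example; it is not code from the thread or from dbmail. The function name drop_privileges and its result codes are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE 1   /* exposes setgroups()/seteuid() on glibc */
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum { DROP_OK = 0, DROP_ERR_NOUSER = -1, DROP_ERR_GROUPS = -2,
       DROP_ERR_GID = -3, DROP_ERR_UID = -4, DROP_ERR_VERIFY = -5 };

/* Permanently become `username` with setgid()/setuid() only.
 * setgroups() is a BSD/SVr4 call rather than POSIX, but widely available. */
int drop_privileges(const char *username)
{
    struct passwd *pw;
    uid_t uid;
    gid_t gid;

    if (username == NULL || (pw = getpwnam(username)) == NULL)
        return DROP_ERR_NOUSER;        /* unknown user: never touch pw */
    uid = pw->pw_uid;
    gid = pw->pw_gid;

    /* Only root may change the supplementary group list; drop root's. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return DROP_ERR_GROUPS;
    /* Group before user: after setuid() the process may no longer setgid(). */
    if (setgid(gid) != 0)
        return DROP_ERR_GID;
    if (setuid(uid) != 0)
        return DROP_ERR_UID;

    /* Verify: all ids match the target and root cannot be regained. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return DROP_ERR_VERIFY;
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return DROP_ERR_VERIFY;
    return DROP_OK;
}

int main(int argc, char **argv)
{
    int rc = drop_privileges(argc > 1 ? argv[1] : NULL);
    printf("drop_privileges: %d\n", rc);
    return rc == DROP_OK ? 0 : 1;
}
```

A caller that gets anything other than DROP_OK should refuse to start serving rather than continue with its original identity.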