On Mon, Mar 26, 2001 at 10:45:44PM +1000, Mark Devin wrote:
> I would like to make fetchmail run as a user rather than root when run
> via my /etc/ppp/ip-up.d/fetchmail-up script
>
> Here is what I tried to do to get fetchmail to run as user "mail":
>
> Make a home directory for user mail - /home/mail
> set the owner and group for this directory to "mail"
> chown mail /usr/bin/fetchmail
> chgrp mail /usr/bin/fetchmail
> chmod 4755 /usr/bin/fetchmail

ack don't do that. setuid bits only work to *elevate* privileges *NOT* dropping them. if you don't believe me make a copy of /usr/bin/id and chown it to nobody:nogroup, and chmod 6755 it, then run it as root. all you have done is allow every local user to take over uid mail. (which i think exim might use)

> This makes the binary run as user mail despite who calls it (including
> root)
> create a .fetchmailrc file in the home directory of user "mail"
> Edit the /etc/ppp/ip-up.d/fetchmail-up script
> Edit the /etc/ppp/ip-down.d/fetchmail-down script
>
> This didn't work.
> I also tried calling fetchmail with the --fetchmailrc and --idfile
> options set appropriately. And this didn't work either.

ok there are a few problems with this. first fetchmail behaves differently when run as root than as a user. when run as root it makes a pid file in /var/run and acts like any other daemon. when run as a user it looks for things in ~/ and otherwise behaves differently (see the man page). so making fetchmail run as a user but act like it does when run as root is somewhat tricky.

if you want to properly change uids change the scripts that run it to use start-stop-daemon --chuid whoever. or use su -c. but you will still have to work out the other daemonization and behavior issues.

> I wanted to do it this way 'cause I thought it would be more secure - ie
> less things running as root the better. But I guess its not possible to
> be cracked via fetchmail since it doesn't accept connections, it makes
> them itself.

i think the risk level is probably low, though it's not non-existent, if there was a format string bug, or a buffer overflow in its pop or imap code then a hostile imap or pop server could potentially send something wacky back and compromise it. or even less likely some sort of flaw in its parsing of the mail it gets.

> Any ideas 'cause it would be useful to know how to do it anyway.

i am not sure of everything you would have to do to make it replicate its root owned behavior as a non-root user, read the man pages and other documentation. but most importantly put those permissions on /usr/bin/fetchmail back how they were: root.root 0755.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
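The mistake discussed above (a setuid bit on a binary owned by a non-root user, which hands that uid to every local user) is easy to audit for. The script below is an added example and not part of the thread; the function names `classify_ls_line` and `audit_paths` and the sample `ls -l` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag set-id files that are NOT owned by root. Such a file
# lets anyone who can execute it run as the file's owner, which is exactly
# what "chown mail ...; chmod 4755 /usr/bin/fetchmail" did in the thread.
# The safe way to run a daemon as another user is to drop privileges at
# start (e.g. start-stop-daemon --chuid mail or su -c), not setuid.

# Classify one "ls -l"-style line. Prints one of:
#   none          no setuid/setgid bit set
#   root-setuid   set-id bit present, owner root (ordinary elevation)
#   shared-uid    set-id bit present, owner is NOT root (uid is shared)
classify_ls_line() {
    mode=$(printf '%s\n' "$1" | awk '{print $1}')
    owner=$(printf '%s\n' "$1" | awk '{print $3}')
    # Characters 4 and 7 of the mode string are the user and group execute
    # slots; 's' or 'S' there means setuid / setgid is set.
    u=$(printf '%s' "$mode" | cut -c4)
    g=$(printf '%s' "$mode" | cut -c7)
    case "$u$g" in
        *[sS]*) ;;
        *) echo none; return 0 ;;
    esac
    if [ "$owner" = root ]; then
        echo root-setuid
    else
        echo shared-uid
    fi
}

# Audit real paths using ls -ld (POSIX, no stat -c needed).
audit_paths() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        printf '%s %s\n' "$(classify_ls_line "$(ls -ld "$p")")" "$p"
    done
}

# Constructed sample lines (sizes/dates invented): the broken state from
# the thread, the fix the reply recommends (root.root 0755), and a normal
# root-owned setuid binary for comparison.
BROKEN='-rwsr-xr-x 1 mail mail 12345 Mar 26 2001 /usr/bin/fetchmail'
FIXED='-rwxr-xr-x 1 root root 12345 Mar 26 2001 /usr/bin/fetchmail'
NORMAL='-rwsr-xr-x 1 root root 12345 Mar 26 2001 /usr/bin/passwd'

classify_ls_line "$BROKEN"   # shared-uid
classify_ls_line "$FIXED"    # none
classify_ls_line "$NORMAL"   # root-setuid
audit_paths /usr/bin/passwd /usr/bin/fetchmail
```

Run `audit_paths` over the set-id files on a host (for example the output of `find / -perm -4000 -o -perm -2000`) and anything reported as `shared-uid` deserves the same fix the reply gives: restore root ownership and clear the set-id bits.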