On Mon, Nov 21, 2005 at 10:52:39PM +0100, Peter J. Holzer wrote:
> privileges after loading the modules is definitely bad: There is a good
> chance that the logfiles will be created with owner root, but later
> forkserver will run as a non-privileged user and be unable to reopen
> them.
And behold, this was just filed as Debian Bug#342336. Could have sworn I
tested it with a purge/install/connect loop.
Here's the patch I'm testing before upload. If any plugins do ultimately need
root, we might so an extra load_plugins() before dropping privileges, using a
different configuration file or something along those lines.
--
Devin \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2
Index: 0.31.1/qpsmtpd-forkserver
===================================================================
--- 0.31.1/qpsmtpd-forkserver (revision 582)
+++ 0.31.1/qpsmtpd-forkserver (working copy)
@@ -129,7 +129,6 @@
# Load plugins here
my $qpsmtpd = Qpsmtpd::TcpServer->new();
-$qpsmtpd->load_plugins;
# Drop privileges
my (undef, undef, $quid, $qgid) = getpwnam $USER or
@@ -138,7 +137,6 @@
while (my ($name,$passwd,$gid,$members) = getgrent()) {
my @m = split(/ /, $members);
if (grep {$_ eq $USER} @m) {
- ::log(LOGINFO,"$USER is member of group $name($gid)");
$groups .= " $gid";
}
}
@@ -149,6 +147,8 @@
die "unable to change uid: $!\n";
$> = $quid;
+$qpsmtpd->load_plugins;
+
::log(LOGINFO,"Listening on port $PORT");
::log(LOGINFO, 'Running as user '.
(getpwuid($>) || $>) .
