Tom Collins writes:
> This is an interesting point and I'd love to find a clean solution to
> this issue.
I don't think you'll find a clean solution which doesn't involve set-id. All the others are messy to administer, like a MySQL username per system user or adding a special group to every user (do all *nixes handle that well these days?)

How about this:

1) An additional user and group, vpsql, used for absolutely no other purpose (except perhaps as owner of vpopmail database).

2) MySQL username and password in a file readable only by vpsql user and group, and writeable only by vpsql user (if that - most people will probably edit it as root).

3) A very small utility that is setgid vpsql. It does the following when passed a username and password to verify.
   a) Reads the information in the password file.
   b) Drops setgid so it can do nothing further with the password file.
   c) Connects to MySQL.
   d) Verifies mail username and password against database.
   e) Returns go or no-go.

I expect at least one person will poke holes in that somewhere, but I think the general principle is correct. Assuming you can drop setgid reliably (and not have it resurrected by an exploit later) then it ought to be safe. It would need a very close code audit but there's not going to be much code there to audit.

The overhead of an extra process invocation per authentication is undesirable but, I think, unavoidable. You could just build it all into vchkpw but then a code audit would be a lot harder. Admittedly, if you read the password file as the very first thing you do and drop setgid as the very second thing you do then the rest ought not to matter, but with a separate vpsql user/group/program there is far less code containing possible exploits if somebody does know a way of regaining setgid after dropping it.

Extending the idea to allow qmailadmin and the like to modify user details is a SMOP. My preference would be for several utilities each restricted to one task like authentication, get user info, write user info rather than one big one that takes switches telling it what to do.
-- Paul Allen Softflare Support
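The three pieces of the proposed setgid helper that actually carry the security argument (step 2's file permissions, step 3a's credential read, and step 3b's irreversible drop of the vpsql group), as an added example that is not Paul Allen's or vpopmail's code. The `user=`/`password=` file format and the function names are assumptions; setresgid()/getresgid() are the Linux/BSD calls, and the MySQL connection (steps 3c onward) is left out.

```c
#define _GNU_SOURCE          /* for setresgid()/getresgid() on glibc */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Step 2: the credentials file must be unreadable by "other" and writable
 * only by its owner (the vpsql user).  Returns 1 if the mode is acceptable. */
int credentials_mode_ok(mode_t mode)
{
    return (mode & (S_IWGRP | S_IRWXO)) == 0;
}

/* Step 3a: parse "user=...\npassword=...\n" (a constructed, assumed format)
 * from a buffer that was read while still setgid.  Returns 0 on success. */
int parse_db_credentials(const char *buf, char *user, size_t ulen,
                         char *pass, size_t plen)
{
    int got_user = 0, got_pass = 0;
    for (const char *p = buf; *p; ) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len > 5 && strncmp(p, "user=", 5) == 0 && len - 5 < ulen) {
            memcpy(user, p + 5, len - 5); user[len - 5] = '\0'; got_user = 1;
        } else if (len > 9 && strncmp(p, "password=", 9) == 0 && len - 9 < plen) {
            memcpy(pass, p + 9, len - 9); pass[len - 9] = '\0'; got_pass = 1;
        }
        if (!nl) break;
        p = nl + 1;
    }
    return (got_user && got_pass) ? 0 : -1;
}

/* Step 3b: drop the setgid group for good.  Setting real, effective AND saved
 * gid to the real gid means a later setegid() cannot bring vpsql back; the
 * getresgid() check verifies the kernel actually did what was asked instead
 * of trusting the return value alone. */
int drop_setgid_permanently(void)
{
    gid_t rgid = getgid(), r, e, s;
    if (setresgid(rgid, rgid, rgid) != 0) return -1;
    if (getresgid(&r, &e, &s) != 0) return -1;
    return (r == rgid && e == rgid && s == rgid) ? 0 : -1;
}
```

The intended order in the helper is: fstat() and check the mode, read the file into a buffer, call drop_setgid_permanently() and abort if it fails, and only then parse the credentials and open the MySQL connection.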