[Mimedefang] mimedefang does not change UID on FreeBSD 4.5/4.6

David F. Skoll dfs at roaringpenguin.com
Tue May 28 09:57:50 EDT 2002


On Tue, 28 May 2002, Martin Matuska wrote:

> mimedefang-multiplexor process does change its uid and sock owner if the -U
> flag is specified, so everything ok.
> mimedefang does not - it remains root even if -U is specified.

Actually, it does drop privileges, but you don't see it with ps.

Let me explain:  The milter API does not allow you to create the socket,
change uid, and then listen on the socket.  It just has a do-it-all
main-loop entry point called "smfi_main()" that opens the socket,
listens on it, and does all the work.  I think the milter writers should
split the call into "smfi_open_socket" and "smfi_main_loop".

So, alas, we have to change uid the first time milter calls out to us,
which is done in the function mfconnect.  See lines 467-472 of
mimedefang.c You can verify that MIMEDefang is actually changing uid
by temporarily using the "-d" flag so that spool files are not
removed.  You should verify that the files created by mimedefang are
indeed owned by the "-U" user and not by root.

> If I add the following patch, mimedefang does change uid, but the
> path to sockfile has to point into a directory that is writable and
> readable by the specified user.

Which is why I didn't do it that way.

If you do the "-d" test and you discover that the spool files are root-owned,
then there is a problem.  Let me know if you see that.

Regards,

David.




More information about the MIMEDefang mailing list