[Mimedefang] mimedefang does not change UID on FreeBSD 4.5/4.6
David F. Skoll
dfs at roaringpenguin.com
Tue May 28 09:57:50 EDT 2002
On Tue, 28 May 2002, Martin Matuska wrote:
> mimedefang-multiplexor process does change its uid and sock owner if the -U
> flag is specified, so everything is OK.
> mimedefang does not - it remains root even if -U is specified.
Actually, it does drop privileges, but you don't see it with ps.
Let me explain: The milter API does not allow you to create the socket,
change uid, and then listen on the socket. It just has a do-it-all
main-loop entry point called "smfi_main()" that opens the socket,
listens on it, and does all the work. I think the milter writers should
split the call into "smfi_open_socket" and "smfi_main_loop".
So, alas, we have to change uid the first time milter calls out to us,
which is done in the function mfconnect. See lines 467-472 of
mimedefang.c. You can verify that MIMEDefang is actually changing uid
by temporarily using the "-d" flag so that spool files are not
removed. You should verify that the files created by mimedefang are
indeed owned by the "-U" user and not by root.
> If I add the following patch, mimedefang does change uid, but the
> path to sockfile has to point into a directory that is writable and
> readable by the specified user.
Which is why I didn't do it that way.
If you do the "-d" test and you discover that the spool files are root-owned,
then there is a problem. Let me know if you see that.
Regards,
David.