[Mimedefang] mimedefang does not change UID on FreeBSD 4.5/4.6

Andrey V. Pevnev andrey at mgul.ac.ru
Tue May 28 18:24:16 EDT 2002


Hello David,

Tuesday, May 28, 2002, 5:57:50 PM, you wrote:
DFS> Actually, it does drop privileges, but you don't see it with ps.
DFS> Let me explain:  The milter API does not allow you to create the socket,

Cool, but I think that security is more important than keeping the socket
in /var/run. For example, another libmilter-based application, DrWeb
Anti-Virus, keeps its socket and pid file in /var/drweb/run, and works
perfectly.

According to libmilter/README:

--cut--
+----------------+
| SECURITY HINTS |
+----------------+

Note: we strongly recommend not to run any milter as root.  Libmilter
does not need root access to communicate with sendmail.  It is a
good security practice to run a program only with root privileges
if really necessary.  A milter should probably check first whether
it runs as root and refuse to start in that case.
                    ^^^^^^^^^^^^^^^
--cut--

So, I agree with Martin and sendmail/libmilter authors.

Another IMPORTANT thing: if the socket is created as root in /var/run,
mimedefang can't delete it after shutdown, so the socket will remain in
/var/run, because libmilter has insufficient privileges to remove the
socket.
Funny, but if I try to restart mimedefang - it fails to
start because the socket still exists! And I MUST remove the socket in
the mimedefang startup script. Is it a reasonable price to just keep it in
/var/run ? I think that NO. What's wrong with keeping the socket, for example,
in /var/spool/MIMEDefang ?
So, please, drop privileges as soon as it's possible and BEFORE
smfi_main().

-- 
Best regards,
MSFU LAN Admin
 Andrey                            mailto:andrey at mgul.ac.ru
 http://www.mgul.ac.ru/~andrey
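
The following C sketch is an added example, not part of the original message and not MIMEDefang's code: it shows one way to drop root permanently before smfi_main() and to refuse to start if the process could still be root, as the libmilter README hint suggests. The function name `drop_privileges` and the account name taken from the command line are assumptions for illustration.

```c
#define _DEFAULT_SOURCE          /* for initgroups() on glibc */
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/*
 * Switch to the unprivileged account `user` and confirm the switch is
 * permanent. Returns 0 only if the process ends up as that account with no
 * way back to root; -1 means the caller must refuse to start.
 */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || pw->pw_uid == 0)
        return -1;                      /* unknown account, or it is root */
    uid_t uid = pw->pw_uid;             /* copy: pw points at static storage */
    gid_t gid = pw->pw_gid;

    if (geteuid() == 0) {
        /* Order matters: supplementary groups, then gid, then uid.
         * After setuid() succeeds the process may no longer change groups. */
        if (initgroups(user, gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
            return -1;
    }
    /* Started as someone else, or the switch did not take effect. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid)
        return -1;
    /* A permanent drop means root cannot be regained. */
    if (setuid(0) == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2 || drop_privileges(argv[1]) != 0) {
        fprintf(stderr, "refusing to start: could not become unprivileged user\n");
        return 1;
    }
    /* Only now would the filter call smfi_setconn(), smfi_register() and
     * smfi_main(), so the socket it creates belongs to this user. */
    printf("running as uid %ld\n", (long)getuid());
    return 0;
}
```

With the drop done first, the socket has to live in a directory the unprivileged account can write to, such as the /var/spool/MIMEDefang location proposed in the message.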



