[Mimedefang] mimedefang does not change UID on FreeBSD 4.5/4.6
Andrey V. Pevnev
andrey at mgul.ac.ru
Tue May 28 18:24:16 EDT 2002
Hello David,
Tuesday, May 28, 2002, 5:57:50 PM, you wrote:
DFS> Actually, it does drop privileges, but you don't see it with ps.
DFS> Let me explain: The milter API does not allow you to create the socket,
Cool, but I think that security is more important than keeping socket
in /var/run For example another libmilter-based application - DrWeb
Anti-Virus keeps it's socket and pid file in /var/drweb/run, and works
perfectly.
According to libmilter/README:
--cut--
+----------------+
| SECURITY HINTS |
+----------------+
Note: we strongly recommend not to run any milter as root. Libmilter
does not need root access to communicate with sendmail. It is a
good security practice to run a program only with root privileges
if really necessary. A milter should probably check first whether
it runs as root and refuse to start in that case.
^^^^^^^^^^^^^^^
--cut--
So, I agree with Martin and sendmail/libmilter authors.
Another IMPORTANT thing: if socket created as root in /var/run,
mimedefang can't delete it after shutdown, so socket will remain in
/var/run, because libmilter has unsufficient privelegies to remove the
socket.
Funny, but if I trying to restart mimedefang - it fails to
start because socket still exists! And I MUST remove the socket in
mimedefang startup script. Is it a reasonable price to just keep it in
/var/run ? I think that NO. Whats wrong in keeping socket for example
in /var/spool/MIMEDefang ?
So, please, drop privelegies as soon as it's possible and BEFORE
smfi_main().
--
Best regards,
MSFU LAN Admin
Andrey mailto:andrey at mgul.ac.ru
http://www.mgul.ac.ru/~andrey
More information about the MIMEDefang
mailing list