develooper Front page | perl.cvs.qpsmtpd | Postings from December 2005

[svn:qpsmtpd] r584 - branches/0.3x

From:
aqua
Date:
December 10, 2005 18:19
Subject:
[svn:qpsmtpd] r584 - branches/0.3x
Message ID:
20051211021944.29879.qmail@x1.develooper.com
Author: aqua
Date: Sat Dec 10 18:19:43 2005
New Revision: 584

Modified:
   branches/0.3x/qpsmtpd-forkserver
Log:
Drop root privileges before loading plugins, rather than after.  This reduces
root exposure, and avoids (e.g.) files being created as root which then won't
be writable by the normal qpsmtpd user.


Modified: branches/0.3x/qpsmtpd-forkserver
==============================================================================
--- branches/0.3x/qpsmtpd-forkserver	(original)
+++ branches/0.3x/qpsmtpd-forkserver	Sat Dec 10 18:19:43 2005
@@ -129,7 +129,6 @@ if ($PID_FILE) {
 
 # Load plugins here
 my $qpsmtpd = Qpsmtpd::TcpServer->new();
-$qpsmtpd->load_plugins;
 
 # Drop privileges
 my (undef, undef, $quid, $qgid) = getpwnam $USER or
@@ -138,7 +137,6 @@ my $groups = "$qgid $qgid";
 while (my ($name,$passwd,$gid,$members) = getgrent()) {
     my @m = split(/ /, $members);
     if (grep {$_ eq $USER} @m) {
-	::log(LOGINFO,"$USER is member of group $name($gid)");
 	$groups .= " $gid";
     }
 }
@@ -149,6 +147,8 @@ POSIX::setuid($quid) or
       die "unable to change uid: $!\n";
 $> = $quid;
 
+$qpsmtpd->load_plugins;
+
 ::log(LOGINFO,"Listening on port $PORT");
 ::log(LOGINFO, 'Running as user '.
 	(getpwuid($>) || $>) .



nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About