byterazor/qpsmtpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Drop root privileges before loading plugins, rather than after. This reduces

Browse Source 
root exposure, and avoids (e.g.) files being created as root which then won't
be writable by the normal qpsmtpd user.


git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@584 958fd67b-6ff1-0310-b445-bb7760255be9
This commit is contained in:
Devin Carraway 2005-12-11 02:19:43 +00:00
parent c9779a3376
commit 239daaf55a
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
qpsmtpd-forkserver
View File

@ -129,7 +129,6 @@ if ($PID_FILE) {
# Load plugins here # Load plugins here
my $qpsmtpd = Qpsmtpd::TcpServer->new(); my $qpsmtpd = Qpsmtpd::TcpServer->new();
$qpsmtpd->load_plugins;
# Drop privileges # Drop privileges
my (undef, undef, $quid, $qgid) = getpwnam $USER or my (undef, undef, $quid, $qgid) = getpwnam $USER or
@ -138,7 +137,6 @@ my $groups = "$qgid $qgid";
while (my ($name,$passwd,$gid,$members) = getgrent()) { while (my ($name,$passwd,$gid,$members) = getgrent()) {
my @m = split(/ /, $members); my @m = split(/ /, $members);
if (grep {$_ eq $USER} @m) { if (grep {$_ eq $USER} @m) {
::log(LOGINFO,"$USER is member of group $name($gid)");
$groups .= " $gid"; $groups .= " $gid";
} }
} }
@ -149,6 +147,8 @@ POSIX::setuid($quid) or
die "unable to change uid: $!\n"; die "unable to change uid: $!\n";
$> = $quid; $> = $quid;
$qpsmtpd->load_plugins;
::log(LOGINFO,"Listening on port $PORT"); ::log(LOGINFO,"Listening on port $PORT");
::log(LOGINFO, 'Running as user '. ::log(LOGINFO, 'Running as user '.
(getpwuid($>) || $>) . (getpwuid($>) || $>) .