Drop root privileges before loading plugins, rather than after. This reduces

root exposure, and avoids (e.g.) files being created as root which then won't
be writable by the normal qpsmtpd user.


git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@584 958fd67b-6ff1-0310-b445-bb7760255be9
This commit is contained in:
Devin Carraway 2005-12-11 02:19:43 +00:00
parent c9779a3376
commit 239daaf55a

View File

@ -129,7 +129,6 @@ if ($PID_FILE) {
# Load plugins here # Load plugins here
my $qpsmtpd = Qpsmtpd::TcpServer->new(); my $qpsmtpd = Qpsmtpd::TcpServer->new();
$qpsmtpd->load_plugins;
# Drop privileges # Drop privileges
my (undef, undef, $quid, $qgid) = getpwnam $USER or my (undef, undef, $quid, $qgid) = getpwnam $USER or
@ -138,7 +137,6 @@ my $groups = "$qgid $qgid";
while (my ($name,$passwd,$gid,$members) = getgrent()) { while (my ($name,$passwd,$gid,$members) = getgrent()) {
my @m = split(/ /, $members); my @m = split(/ /, $members);
if (grep {$_ eq $USER} @m) { if (grep {$_ eq $USER} @m) {
::log(LOGINFO,"$USER is member of group $name($gid)");
$groups .= " $gid"; $groups .= " $gid";
} }
} }
@ -149,6 +147,8 @@ POSIX::setuid($quid) or
die "unable to change uid: $!\n"; die "unable to change uid: $!\n";
$> = $quid; $> = $quid;
$qpsmtpd->load_plugins;
::log(LOGINFO,"Listening on port $PORT"); ::log(LOGINFO,"Listening on port $PORT");
::log(LOGINFO, 'Running as user '. ::log(LOGINFO, 'Running as user '.
(getpwuid($>) || $>) . (getpwuid($>) || $>) .