Stephen Gran wrote:
On Tue, May 17, 2005 at 02:56:14PM +0000, Erich Titl said:You could not log problems while dropping privileges, well basically it might go to the (unwatched) console
Stephen Gran wrote:
might lead to problems with logging _before_ dropping privileges...
So you want either all possible checks, or no seperable logging? That does seem like a rather drastic set of solutions to a trivial to fix bug. Moving about 10 lines of code will fix the bug under discussion,
What, in particular, are you thinking of? If the first thing clamd does
is drop priviledges, there is no logging before dropping priviledges.
If the milter tries to log before dropping priviledges (say), it will be
running as root and can write to the logfile. Or am I missing
something?
/* drop privileges */
#ifndef C_OS2
if(geteuid() == 0 && (cpt = cfgopt(copt, "User"))) {
if((user = getpwnam(cpt->strarg)) == NULL) {
fprintf(stderr, "ERROR: Can't get information about user %s.\n", cpt->strarg);
logg("!Can't get information about user %s.\n", cpt->strarg);
exit(1);
}
cheers
Erich _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
