On Mon, Jan 11, 2010 at 09:56:21PM -0500, Sam Varshavchik wrote:
> Christoph Anton Mitterer writes:
>> On Sun, 2010-01-10 at 12:29 -0500, Sam Varshavchik wrote:
>>> This depends on the maildrop configuration, but generally setgroupid
>>> won't have any effect if maildrop is invoked as root, since maildrop
>>> will use the userid specified by the -d option to set its running
>>> group and userid anyway.
>> Uhm... what does this mean? It definitely has root-group permissions....
>> (at least the Debian version) ;)
>
> If maildrop runs as root, maildrop can set its userid and groupid,
> maildrop drops root according to the userid and groupid that's specified
> by the -d option. The group id that maildrop gets invoked as, is
> irrelevant as long as the userid is root. The root uid is sufficient for
> any process to change its gid and uid. So, when maildrop is invoked by
> root, its group id, whether natural or if set by the setgroupid bit, has
> no effect.
I think we all agree on that. What Christoph has found, and I have
reproduced, is that it doesn't exactly turn out properly.
Can you verify? Add a simple test user, put `id` in its .mailfilter, and
see what output you get. This is with version 2.2.0.
--
2. That which causes joy or happiness.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
