Title: spamd paranoid behavior

Hello,

I'm looking at spamd's behavior when the -P flag is used. On lines 280
and 387 a log message is generated if -P is used and if the script is still running as root.  This could happen for two reasons:

1)  handle_user() was passed the username "root"
2)  no "User" header was passed to spamd

In both cases, I believe spamd should fall back to a default user
of "nobody".  Currently this does not happen; processing continues as
root.  The only time spamd falls back to nobody is when -P is not used.
I think that whether or not -P is used the following should happen:

a)  spamd changes uids to the user running spamc via handle_user()
b)  if handle_user() fails or no "User" header, fall back to nobody
c)  if that fails, die()

I have attached a patch which turns on this behavior.  Comments?

Please CC replies to me.


.joel




--- spamd.raw.bak       Fri Mar  8 15:06:44 2002
+++ spamd.raw   Sun Mar 10 12:01:51 2002
@@ -275,16 +275,15 @@
                 }
            }
 
-            if ($spamtest->{paranoid} && $setuid_to_user && $> == 0)
-            {
-                logmsg "PARANOID: Still running as root, close connection.";
-           }
-            elsif ( $setuid_to_user && $> == 0 )
+            if ( $setuid_to_user && $> == 0 )
             {
                 logmsg "Still running as root: user not specified, ".
                    "not found, or set to root.  Fall back to nobody.";
                my $uid = getpwnam('nobody');
-               if (!defined $uid) { die "no UID for nobody"; }
+               if (!defined $uid) {
+                   logmsg "no UID for nobody, exiting.";
+                   die;
+               }
                 $> = $uid;
             }
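Review bot: The `$> = $uid;` assignment that closes this block is never checked, so step (c) of the description ("if that fails, die()") is enforced only for the getpwnam lookup and not for the uid change itself. Test `$> == $uid` right after the assignment, then log and die when it does not hold. Note also that `$>` is only the effective uid, so the real uid `$<` is still root after this block and the process keeps a way back; the group ids are not touched here either. Separately, dropping the PARANOID branch means a -P run now behaves exactly like a non -P run at this point, which deserves a line in the -P documentation.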
@@ -382,16 +381,15 @@
                 }
            }
 
-            if ($spamtest->{paranoid} && $setuid_to_user && $> == 0)
-            {
-                logmsg "PARANOID: Still running as root, close connection.";
-           }
-            elsif ( $setuid_to_user && $> == 0 )
+            if ( $setuid_to_user && $> == 0 )
             {
                 logmsg "Still running as root: user not specified, ".
                    "not found, or set to root.  Fall back to nobody.";
                my $uid = getpwnam('nobody');
-               if (!defined $uid) { die "no UID for nobody"; }
+               if (!defined $uid) {
+                   logmsg "no UID for nobody, exiting.";
+                   die;
+               }
                 $> = $uid;
             }
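Review bot: The fall-back block here is line for line the same as the one in the hunk at line 275; move it into one small sub called from both places so that a later fix to one copy cannot miss the other. The bare `die;` also drops the old text "no UID for nobody" from the die output, leaving only Perl's default "Died" message on stderr; keeping the string on the die after the logmsg call preserves it in both places.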

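The (a)/(b)/(c) fall-back order proposed in the message, written out as a stand-alone Perl sketch. This is an added example, not spamd code and not part of the posted patch; `pick_account` and `drop_privileges` are hypothetical names, and the use of POSIX::setuid/setgid instead of assigning to `$>` is a choice made for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX ();

# Hypothetical helper, not spamd code: choose the account to run as.
# Tries the requested user, then 'nobody'; skips anything that is
# missing, unknown, or resolves to uid 0.  Returns (name, uid, gid).
sub pick_account {
    my ($requested) = @_;
    for my $name ($requested, 'nobody') {
        next unless defined $name && length $name;
        my ($uid, $gid) = (getpwnam($name))[2, 3];
        next if !defined $uid || $uid == 0;
        return ($name, $uid, $gid);
    }
    return;    # empty list: the caller must die (step c)
}

# Hypothetical helper: drop root for good, or die.
sub drop_privileges {
    my ($requested) = @_;
    my ($name, $uid, $gid) = pick_account($requested)
        or die "no usable account, not even nobody\n";

    $) = "$gid $gid";    # effective gid plus supplementary group list
    POSIX::setgid($gid) or die "setgid($gid) failed: $!\n";
    # As root, setuid() changes real, effective and saved uid together,
    # so the process cannot switch back afterwards.
    POSIX::setuid($uid) or die "setuid($uid) failed: $!\n";

    # Verify instead of trusting the calls.
    die "still privileged after drop\n"
        unless $< == $uid && $> == $uid && $uid != 0;
    return $name;
}

# Constructed inputs: "root", a missing User header, an unknown name.
for my $user ('root', undef, 'no-such-user-xyz') {
    my ($name) = pick_account($user);
    printf "%-18s -> %s\n", $user // '(no User header)',
        $name // 'none, would die';
}

# Only meaningful when started as root; otherwise there is nothing to drop.
print "now running as ", drop_privileges($ARGV[0]), "\n" if $> == 0;
```

Run unprivileged, it only prints which account each constructed input resolves to; run as root, it also performs the drop and reports the account it ended up as.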