From: Matthias A. <mat...@gm...> - 2005-11-17 11:02:02
Thomas Wolff wrote on 2005-11-11:

> There is this new warning "WARNING: Running as root is discouraged."
> which is somehow disturbing.

Yes, and that is deliberate. Networking clients should never run with root privileges, and fetchmail is no exception.

Fetchmail does not need root privileges to forward mail; the only conceivable scenario where it needs root privileges is one where it calls an MDA for a different user. In this scenario, fetchmail should use IPC (Unix domain socket, named pipe or similar) to talk from one unprivileged process to another. This won't happen in the near future though, unless someone else finds the time to do that.

> I thought fetchmail is also intended as a system installation
> for multi-user mail retrieval so it's actually a designed mode to
> run fetchmail as root (and the message seems to be unconditional,
> looking at the code).

That was how it originally worked, but the fetchmail 6.2.5 code Rob, Graham and I took over was utterly unsuitable to run as root, as you can read in <http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt> (CVE-2005-2335).

The 6.2.5 code was so bold as to fall back to sprintf on systems where snprintf was unavailable, which opened up even more buffer overrun possibilities. 6.3.0 uses trio_snprintf instead on such systems.

There is a reason why I recommend 6.2.9-rc* to everyone, and that is many more bugfixes.

> Also I don't need this message when I retrieve my personal mailbox while
> regularly working as root on my home machine; this may not be

I don't care if you work as root on your home machine and fetchmail pesters you with this warning.

On some day in the future, fetchmail might have a model where it can give up privileges for good in the process that talks to the network and only retain privileges for MDA based setups where someone needs to run the MDA of somebody else's. This model will certainly not be the seteuid() swapping crap as that's not secure. Look at sendmail to learn some lessons about this.

> recommended in general but it's not fetchmail to tell me that every
> time I retrieve my mail.

Evidently, it is. Sorry for my being so boldfaced.

> Please remove the message.

Refused. Please fix the way you work. This is not Windows, and sudo(1) works well for the few moments when you need more power than the regular user. <http://www.courtesan.com/sudo/>

fetchmail is a tool for the end user who is usually untrained about systems administration; putting up obstacles and annoyances while he works as root is the right thing to do.

-- 
Matthias Andree
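The difference between giving up privileges for good and the seteuid() swapping mentioned in the message, as an added example that is not part of the original post and is not fetchmail code. The function name `drop_privileges_permanently` is hypothetical and uid/gid 65534 is a constructed stand-in for an unprivileged account.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* for setgroups() and seteuid() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Added example, not fetchmail code: give up root for good.
 * seteuid(uid) alone leaves the saved set-user-ID at 0, so any code running
 * in the process can call seteuid(0) and be root again. Called as root,
 * setuid(uid) sets the real, effective and saved IDs together.
 * Returns 0 on success, -1 on failure with errno set.
 */
int drop_privileges_permanently(uid_t uid, gid_t gid)
{
    if (uid == 0) {                      /* "dropping" to root is a caller bug */
        errno = EINVAL;
        return -1;
    }
    /* Order matters: shed groups first, while the process still may. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify rather than trust return codes: root must be unreachable. */
    if (setuid(0) == 0 || seteuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* 65534 is a constructed stand-in for an unprivileged account. */
    uid_t uid = geteuid() == 0 ? 65534 : getuid();
    gid_t gid = geteuid() == 0 ? 65534 : getgid();

    if (drop_privileges_permanently(uid, gid) != 0) {
        perror("drop_privileges_permanently");
        return 1;
    }
    printf("uid=%ld euid=%ld, root cannot be regained\n",
           (long)getuid(), (long)geteuid());
    return 0;
}
```

Started without root, the function only confirms that the process has no path back to uid 0; started as root, it performs the full drop before any network code would run.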