Menu
▾
▴
Re: [fetchmail-devel] [patch] Drop privileges
|
From: Matthias A. <mat...@gm...> - 2009-04-22 18:22:58
|
Thomas Jarosch schrieb: > Hello together, > > attached is a patch which allows fetchmail to drop root privileges > and run inside a chroot. The idea is to read the config file as root (as it > contains passwords) and setup the logging. The root privileges get dropped > after initialization. > > All new features are optional. This will leave a stale lockfile after > the fetchmail run (not enough privileges to write to /var/run or even > not accessible inside the chroot), fetchmail perfectly > handles that on the next invocation. > > Upstream integration or feedback is welcome :-) > The patch is against fetchmail 6.3.9. > > Have a nice weekend, > Thomas Hi Thomas, sorry for not giving immediate feedback - I've been busy with other things, among them real life and also leafnode releases... At first glance, the patch looks sound, thanks a lot. There's some point in integrating such functionality inside fetchmail, i. e. keeping sensitive data outside fetchmail's accessible area. We'd probably need more detailed instructions of what doesn't work inside chroots (you mentioned /var/run -- and this may require revising the stale lock detection and/or logging), and what needs to be inside the chroot because it's re-read at run-time, for instance, the resolver is re-initialized frequently in daemon mode, so we need some libs and config files inside the chroot, and depending on how much caching the libc does, we may need f. i. /etc/services... unfortunately, this is highly OS and version dependent. I still need to think how to integrate all this, since 6.3.X is supposed to be a bug-fix branch... it seems I need to revive the bit-rotten 6.4.X branch for new features, mark 6.3 "regression fixes only" and move on... I'm also pondering whether fetchmail needs a split-process model some day, which might then solve issues such as the /var/run (PID file) removal problem you mentioned and perhaps allow for a pool of concurrent fetch children - useful with multiple accounts. That's certainly for later... Best Matthias |
