Menu
▾
▴
Re: [fetchmail-devel] Drop privileges
|
From: Thomas J. <tho...@in...> - 2009-04-30 11:13:52
|
Hello Sunil, > Here are some thoughts on the options in your patch. Thanks for your review! > The run_chroot option: > ... > Your patch will work correctly only if fetchmail does not open any > file or run any script after the chroot. > > Also, ensuring that the preconnect script runs properly in the chroot > will be next to impossible. Yes, that is true. > The run_user and run_group options: > > fetchmail is essentially a user-level daemon program. Unlike a system > daemon, it does not require special privileges to read the > configuration files and it does not bind to a reserved port. So, it is > far simpler to start fetchmail with a command like: > > # su user -c fetchmail > > rather than > > # fetchmail --run_user user > > Is it really useful to have passwords in a root-owned file? Does it > add to security? In case you really want that, you may run fetchmail > in this fashion as root: > > # su user -c fetchmail -f - < /etc/fetchmailrc > > The added advantage is that the lockfile is the correct place. > > Another problem will be that if /etc/fetchmailrc is modified after > fetchmail is invoked with the --run_user option, it will detect the > file modification and exit because the file cannot be read again due > to dropping of privileges. Try this: > > # fetchmail --run_user user --daemon 1800 > [ wait for one poll to complete ] > # touch /etc/fetchmailrc > # fetchmail > > This will not happen with the invocation with redirection! Interesting approach with the redirection, didn't think of it before. We don't run fetchmail in daemon mode, we start it for a single run as it doesn't know if the online connection is available or if the mail system is currently reconfigured on our site. Basically fetchmail is controlled by another daemon. The new features are completly optional and allow you to harden the security in basic setups if running in non-daemon mode. If the normal fetchmail usage is the daemon mode, then I guess it's not very useful. Hmm. Cheers, Thomas |
