Re: [tpop3d-discuss] Option to chroot() for virtual servers

tpop3d-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tpop3d-discuss] Option to chroot() for virtual servers

From:	Chris Lightfoot
Subject:	Re: [tpop3d-discuss] Option to chroot() for virtual servers
Date:	Mon, 16 Dec 2002 15:12:02 +0000
User-agent:	Mutt/1.3.24i

On Sun, Dec 15, 2002 at 06:48:54PM -0600, Travis Miller wrote:
> My Question:
> Does this seem like a worth while advantage to add?

yes... I'm not 100% sure about the way you've implemented
it, though, for the reasons you raise. I'd be more
inclined to chroot just before calling setuid in
fork_child, using the directory containing the mailbox as
the new root. At this stage it would also be possible to
close all remaining fds (though this would break
logging...). Another, less serious, problem is that
c-client style locking requires access to a shared /tmp.
This isn't likely to be a problem in your configuration.

Dropping root privilege before calling net_loop is
certainly sensible for configurations where all mailspools
are held by one user, and I'll incorporate that in the
next release, when I have some time to work on it (not in
the near future, I'm afraid).

-- 
Murder is always a mistake.... One should never do anything which
one cannot talk about after dinner (Wilde)

[Prev in Thread]

Current Thread

[Next in Thread]

[tpop3d-discuss] Option to chroot() for virtual servers, Travis Miller, 2002/12/15
- Re: [tpop3d-discuss] Option to chroot() for virtual servers, Chris Lightfoot <=

Prev by Date: [tpop3d-discuss] Can't connect to local MySQL server
Next by Date: [tpop3d-discuss] Trivial logging bug in auth_mysql.c
Previous by thread: [tpop3d-discuss] Option to chroot() for virtual servers
Next by thread: [tpop3d-discuss] Can't connect to local MySQL server
Index(es):
- Date
- Thread