Hello,
I have stepped up as a maintainer of the fetchmail package for
the ALT Linux distribution. Among my first accomplishments on this
duty is a patch that allows skipping permission checks on
configuration files, by means of the "nopermcheck" option.
It's useful when one has a system-wide config file owned by
root, yet prefers to run fetchmail under a distinct user ID.
Another reason is that using 'versioninfo' flag
as a guide to skip checks doesn't seem very logical.
An exception is made for the UID file -- it's always checked
unless the version info mode is in effect. The patch is attached
below.
It's all fine, but I think, the whole concept of
"perform strict checks on a file with lstat(), then open it"
is flawed because it leaves race conditions lurking.
It'd be far more secure to open a file, fstat() it, then
proceed with the file descriptor.
--
Stay tuned,
MhZ JID: mookid(_at_)jabber(_dot_)org
___________
FORTRAN is the language of Powerful Computers.
-- Steven Feiner
fetchmail-5.9.11-nopermcheck.patch
Description: Text document