Jonathan Steinert wrote:
> The patch below may not be perfect, but it does set the user and group
> down when you start as root and supply the right arguments.
TMTOWTDI
--Jonathan Steinert
... and it wasn't perfect, didn't even work completely. Thanks to Dieter
for pointing out that I need to setgid before I setuid, and several
other crazy things I did.
Here is a diff of the corrected version. It also bails if the
setuid/setgid fails.
--Jonathan Steinert
--- spfd 2003-12-04 13:41:31.000000000 -0600
+++ spfd 2003-12-16 12:51:02.000000000 -0600
@@ -1,4 +1,4 @@
-#!/icg/bin/perl -sw
+#!/usr/bin/perl -sw
# simple forking daemon to provide SPF services
# mengwong+spf(_at_)pobox(_dot_)com
@@ -16,10 +16,10 @@
use Socket;
use strict;
-use vars qw($port $path);
+use vars qw($port $path $group $user);
sub usage () {
- print "usage: spfd ( -port=5970 | -path=/var/spfd )\n";
+ print "usage: spfd ( -port=5970 | -path=/var/spfd ) [-user=(uid|username)]
[-group=(gid|groupname)]\n";
print "usage: spfd assuming -port=5970\n";
}
@@ -35,6 +35,26 @@
exit 1;
}
+if ($group) {
+ if ($group =~ /\D/) {
+ $group = getgrnam($group) || die "Group: $group not found\n";
+ }
+ $( = $) = $group;
+ unless ($( == $) and $( == $group) {
+ die( "setgid($group) call failed: $!\n" );
+ }
+}
+
+if ($user) {
+ if ($user =~ /\D/) {
+ $user = getpwnam($user) || die "User: $user not found\n";
+ }
+ $< = $> = $user;
+ unless ($< == $> and $< == $user) {
+ die( "setuid($user) call failed: $!\n" );
+ }
+}
+
$|++;
my @args;
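Review bot: The group block assigns a bare number to `$)`, which sets the effective gid but never reaches setgroups(), so the daemon keeps whatever supplementary groups root had at startup. perlvar documents repeating the gid to get an empty list: `$) = "$group $group"; $( = $group;`. When only -user is supplied the group block is skipped entirely and the process keeps root's primary and supplementary groups, so the gid should default to the primary group from the user's passwd entry, looked up before `$user` is overwritten with the numeric uid. The uid check compares only `$<` and `$>`; whether the saved set-user-ID is also cleared by `$< = $> = $user` depends on the platform, so a single `POSIX::setuid($user)` while still root, followed by the same check, is probably the safer form. The script continues past the end of this hunk, so I cannot see whether anything later still expects root.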