[tpop3d-discuss] Make tpop3d not run as root, and send another banner..

Davi Arnaut davi at mrmentes.com.br
Mon, 05 Aug 2002 09:45:08 -0300


Some of you, like me, which runs tpop3d with auth on mysql,
and all mailspool under the same uid/gid, and wonder why
tpop3d still runs under root uid, this is a patch to
make tpop3d run under the uid of the mailspool, droping root
privileges, making tpop3d more secure.

On around line 750 of mail.c add:

na = authswitch_init();
...
log_print(LOG_INFO, _("%d authentication drivers successfully loaded"), na);

/* run as uid/gid mail (the uid/gid of the mailspool) by davi@hotpop.com */

if (getgid() == 0 && setgid(12)) /* change the 12 to change the  */
log_print(LOG_ERR, _("no setgid mail."));

if (getuid() == 0 && setuid(8)) /* change the 8 to change the uid */
log_print(LOG_ERR, _("no setuid mail."));

/* end uid/gid mail */

...
net_loop();a
...


-----------------------------------------------------
And this if for those who, for security reasons, want
to change the tpop3d "banner" for something else..

On around line 128 if connection.c change:

if (!connection_sendresponse(c, 1, c->timestamp)) {
to:
if (!connection_sendresponse(c, 1, _("Pop3 Hello World!"))) {

It should be like this:

c->idlesince = time(NULL);
if (!connection_sendresponse(c, 1, _("Hello World!")) ) {
log_print(LOG_ERR, "connection_new: could not s......
goto fail; }