[tpop3d-discuss] Make tpop3d not run as root, and send another banner..

Chris Lightfoot chris at ex-parrot.com
Mon, 5 Aug 2002 14:17:21 +0100


On Mon, Aug 05, 2002 at 09:45:08AM -0300, Davi Arnaut wrote:
> Some of you, like me, which runs tpop3d with auth on mysql,
> and all mailspool under the same uid/gid, and wonder why
> tpop3d still runs under root uid, this is a patch to
> make tpop3d run under the uid of the mailspool, droping root
> privileges, making tpop3d more secure.

That's a good idea. I'll put a non-hard-coded version
in the `to do' list for the next version....


> And this if for those who, for security reasons, want
> to change the tpop3d "banner" for something else..
> 
> On around line 128 if connection.c change:
> 
> if (!connection_sendresponse(c, 1, c->timestamp)) {
> to:
> if (!connection_sendresponse(c, 1, _("Pop3 Hello World!"))) {
> 
> It should be like this:
> 
> c->idlesince = time(NULL);
> if (!connection_sendresponse(c, 1, _("Hello World!")) ) {
> log_print(LOG_ERR, "connection_new: could not s......
> goto fail; }

Hmm. One consequence of this is that APOP logins can't
work -- they depend on the existence of a bracketed
timestamp string.

-- 
``Outside of a dog, a book is a man's best friend.
  Inside of a dog, it's too dark to read.'' (Groucho Marx)