Reply to this topicStart new topicStart Poll

> Root Privileges
akbsol
Posted: Jan 24 2010, 06:51 AM
Quote Post


Newbie
*

Group: Members
Posts: 23
Member No.: 2703
Joined: 10-November 07



Hi,

Why XMail doesn't have the feature to drop root privileges after binding to ports like many other popular daemons have?

-Akash
PMEmail Poster
Top
Sob
Posted: Jan 24 2010, 04:28 PM
Quote Post


Member
***

Group: Members
Posts: 53
Member No.: 2881
Joined: 19-April 08



You can run non-root XMail if you want.

There's an old approach using high port numbers and redirecting the proper ports to them using iptables. I don't really like it and it doesn't work with IPv6, because there's no REDIRECT target in ip6tables (at least wasn't when I last checked).

If you use Linux, you can use capabilities to run XMail as unpriviliged user and still allow it to bind to lower ports. Look for commands like sucap and execcap. Although Linux kernel has this functionality for years, you need quite recent 2.6 kernel to actually use it with mentioned command line tools.
PMEmail Poster
Top
akbsol
Posted: Jan 27 2010, 07:19 PM
Quote Post


Newbie
*

Group: Members
Posts: 23
Member No.: 2703
Joined: 10-November 07



I have already gone through those no not so nice ways to run non-root Xmail. What I am failing to understand is that why the developer hasn't still implemented simple setuid & setgid calls within the program itself.

-Regards,
Akash
PMEmail Poster
Top
0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
0 Members:
« Next Oldest | XMail Server | Next Newest »

Reply to this topicStart new topicStart Poll