[stunnel-users] privileges not dropped before libwrap processes are spawned

Micah Anderson micah at riseup.net
Mon Dec 21 20:09:23 CET 2009


Michal Trojnara <Michal.Trojnara at mirt.net> writes:

> Micah Anderson wrote:
>> I recently stumbled on
>> http://mirt.net/pipermail/stunnel-users/2008-May/001977.html which is
>> exactly what I am seeing with version 4.27 of stunnel, namely the
>> daemon is not switching to the setuid/setgid specified in the config
>> before it is spawned.
>>
>> This means that I get 6 processes, 5 run as root with only one (albeit
>> the one listening on the specified sockets) dropping privs to the
>> specified user.
>
> That's how it was designed.  5 helper processes that only perform
> libwrap checking do not perform chroot/setuid/setgid.  If you don't
> like it just disable libwrap support:

If this is how it was designed, may I ask why you say the following[0],
in a direct response to someone else asking this same question:

        I'll modify stunnel to delay spawning libwrap processes until
        privileges are dropped.

and then soon after, you released a version 4.25 of stunnel, with this
changelog entry:

          * Bugfixes
            - Spawning libwrap processes delayed until privileges are
              dropped.

but we do not see the libwrap processes spawned as anything but the
privileged user still.

I'm sorry if I am missing something obvious here, and I appreciate your
explanation!

thanks for your work on stunnel,
micah

0. http://mirt.net/pipermail/stunnel-users/2008-May/001978.html 
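
One way to check a host for the symptom reported in this message, as an added example that is not part of the original post or of stunnel itself. It assumes the 4.x layout where `setuid` is a global option placed before the first `[service]` section; the configuration and the `ps` listing are constructed samples.

```python
# Added example: flag stunnel processes not running as the configured setuid user.
SAMPLE_CONF = """\
; constructed stunnel 4.x style configuration
setuid = stunnel4
setgid = stunnel4

[imaps]
accept = 993
"""

# Constructed `ps -eo pid,ppid,user,comm` output matching the reported symptom.
SAMPLE_PS = """\
  PID  PPID USER     COMMAND
  812     1 root     sshd
 2101     1 root     stunnel4
 2102     1 root     stunnel4
 2103     1 root     stunnel4
 2104     1 root     stunnel4
 2105     1 root     stunnel4
 2106     1 stunnel4 stunnel4
"""

def configured_user(conf_text):
    """Return the global `setuid` value from stunnel config text, or None."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue                      # blank line or comment
        if line.startswith("["):
            break                         # service sections end the global options
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "setuid":
            return value.strip()
    return None

def privileged_processes(ps_text, expected_user, name="stunnel"):
    """Return [(pid, user)] for `name*` processes not running as expected_user."""
    flagged = []
    for line in ps_text.splitlines()[1:]:  # skip the header row
        fields = line.split(None, 3)
        if len(fields) == 4 and fields[3].startswith(name) and fields[2] != expected_user:
            flagged.append((int(fields[0]), fields[2]))
    return flagged

if __name__ == "__main__":
    user = configured_user(SAMPLE_CONF)
    for pid, owner in privileged_processes(SAMPLE_PS, user):
        print(f"pid {pid} runs as {owner}, expected {user}")
```

On a live host, pass the real configuration text and the output of `ps -eo pid,ppid,user,comm` in place of the samples.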