struct strlist tmpfs = SLIST_HEAD_INITIALIZER(tmpfs);
struct authusers authusers = LIST_HEAD_INITIALIZER(authusers);
char username[USERNAME_SIZE];
+uid_t useruid;
const char *logident_base;
char errmsg[ERRMSG_SIZE];
int nodot = 0, doqueue = 0, showq = 0, queue_only = 0;
int recp_from_header = 0;
+ set_username();
+
+ /*
+ * We never run as root. If called by root, drop permissions
+ * to the mail user.
+ */
+ if (geteuid() == 0 || getuid() == 0) {
+ struct passwd *pw;
+
+ pw = getpwnam(DMA_ROOT_USER);
+ if (pw == NULL)
+ err(1, "cannot drop root privileges");
+
+ if (setuid(pw->pw_uid) != 0)
+ err(1, "cannot drop root privileges");
+
+ if (geteuid() == 0 || getuid() == 0)
+ errx(1, "cannot drop root privileges");
+ }
+
atexit(deltmp);
init_random();
if (logident_base == NULL)
logident_base = "dma";
setlogident(NULL);
- set_username();
-
- /* XXX fork root here */
act.sa_handler = sighup_handler;
act.sa_flags = 0;
extern struct strlist tmpfs;
extern struct authusers authusers;
extern char username[USERNAME_SIZE];
+extern uid_t useruid;
extern const char *logident_base;
extern char neterr[ERRMSG_SIZE];
"\tid %s\n"
"\tby %s (%s)\n"
"\t%s\n",
- username, getuid(),
+ username, useruid,
queue->sender,
queue->id,
hostname(), VERSION,
set_username(void)
{
struct passwd *pwd;
- uid_t uid;
- uid = getuid();
- if (check_username(getlogin(), uid))
+ useruid = getuid();
+ if (check_username(getlogin(), useruid))
return;
- if (check_username(getenv("LOGNAME"), uid))
+ if (check_username(getenv("LOGNAME"), useruid))
return;
- if (check_username(getenv("USER"), uid))
+ if (check_username(getenv("USER"), useruid))
return;
- pwd = getpwuid(uid);
+ pwd = getpwuid(useruid);
if (pwd != NULL && pwd->pw_name != NULL && pwd->pw_name[0] != '\0') {
- if (check_username(pwd->pw_name, uid))
+ if (check_username(pwd->pw_name, useruid))
return;
}
- snprintf(username, sizeof(username), "uid=%ld", (long)uid);
+ snprintf(username, sizeof(username), "uid=%ld", (long)useruid);
}
void