search for: drop_privileg

...d.h> +#include <grp.h> +#include <sys/types.h> #ifndef _WIN32 #include <sys/socket.h> @@ -164,6 +167,9 @@ /* Initialize some platform dependant network stuff */ initialize_network (); + /* Drop to unprivileged user if defined. */ + drop_privileges(); + /* Initialize the interpreter (if configured) */ interpreter_init (); @@ -231,6 +237,80 @@ #endif } +void drop_privileges() +{ +#ifdef _WIN32 + return; +#else + struct passwd *pwd; + uid_t uid, cuid; + gid_t gid; + + if (info.ice...

..._preinit (auth_passdb=0x5bbe8, args=0x5bc08 "/opt/RDGdovect/etc/dovecot-ldap.conf") at passdb-ldap.c:486 #2 0x2328c in passdb_preinit (auth=0x5b838, driver=0xffbefec0 "ldap", args=0x0, id=332176) at passdb.c:169 #3 0x17648 in auth_preinit () at auth.c:45 #4 0x1ff0c in drop_privileges () at main.c:195 #5 0x2024c in main (argc=0, argv=0xffbefb54) at main.c:319 and with scope left commented out: #0 0xff0cf600 in strcasecmp () from /usr/lib/libc.so.1 (gdb) bt #0 0xff0cf600 in strcasecmp () from /usr/lib/libc.so.1 #1 0x1df58 in scope2str (str=0x0) at db-ldap.c:116 #2 0x1ec4...

On 03/04/2015 09:45 PM, Dave McGuire wrote: > On 03/04/2015 03:37 PM, Oliver Welter wrote: >> Am 04.03.2015 um 21:03 schrieb Dave McGuire: >>> Am 04.03.2015 um 20:12 schrieb Michael Orlitzky: >>>> Please add [DNSBL] support to iptables instead of Dovecot. It's a waste of >>>> effort to code it into every application that listens on the network.

Hi, LOG_NDELAY is the only option for openlog() in dovecot 1.1.2. Wouldn't be LOG_NDELAY|LOG_PID as option parameter much more useful? Without logging the pid, it is impossible to match 'Disconnected' log entries and the corresponding session start/login. Therefore I suggest to use LOG_NDELAY|LOG_PID in the options of i_set_failure_syslog() at all 6 occurrences which passes it

I am trying to run Dovecot on RH 7.3 with Linux kernel 2.4.20 + GrSecurity patch. I downloaded the RPM yesterday and installed it. When I start Dovecot the kernel reports: kernel: grsec: From 192.168.1.22: attempt to overstep process limit by (dovecot:14491) UID(0) EUID(0), parent (dovecot:23872) UID(0) EUID(0) I have never seen this problem in the 3 years I have used GrSecurity together with a

...porarily) dropped to the mail user's privileges after userdb lookup. If only a single UID is used, user can be set to the mail UID for higher security, because the process can't gain root privileges anymore. And the code says it should work: <src/indexer/indexer-worker.c> static void drop_privileges(void) { [...] if (set.uid != 0) { /* open config connection before dropping privileges */ Of course the config socket is locked down as it should be: srw------- 1 root daemon 0 Feb 11 13:06 /var/run/dovecot/config Here's where the error comes from: 2 libdovecot.0.dyl...

Hi all For various reasons I was looking into 2.6, so I installed a copy on my desktop. Everything works fine, except for dovecot - errors such as this appeared in the syslog: Jul 15 14:41:09 typhaon dovecot: Dovecot starting up Jul 15 14:41:12 typhaon imap-login: setuid(113) failed: Resource temporarily unavailable Jul 15 14:41:12 typhaon dovecot: Login process died too early - shutting down I

Howdy folks ! I just added Dovecot as a standard package to Devil-Linux and ran into a problem with resource limits. Grsecurity (http://www.grsecurity.net) is used in DL to prevent problems with common exploits, it also reports violations of rlimits. The following messages show up in the log, but it seems that the IMAP Server works fine: Apr 26 19:20:04 src at gate imap-login: Login: hz

On Wed, 12 Aug 2020 at 13:11, Nicolas Kovacs <info at microlinux.fr> wrote: > Le 11/08/2020 ? 17:42, Kaushal Shriyan a ?crit : > > I am running CentOS Linux release 8.2.2004 (Core). Are there any > > instructions to install OpenVAS for CentOS Linux release 8.2.2004 (Core)? > > > > Thanks in advance and I look forward to hearing from you. > > For what