Micah Anderson wrote:
I recently stumbled on http://mirt.net/pipermail/stunnel-users/2008-May/001977.html which is exactly what I am seeing with version 4.27 of stunnel, namely the daemon is not switching to the setuid/setgid specified in the config before it is spawned.
This means that I get 6 processes, 5 run as root with only one (albeit the one listening on the specified sockets) dropping privs to the specified user.
That's how it was designed. 5 helper processes that only perform libwrap checking do not perform chroot/setuid/setgid. If you don't like it just disable libwrap support:
./configure --disable-libwrap && make clean && make && make install
Best regards, Mike
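
To check on a host what the thread describes, the following added example (not part of the original messages and not stunnel project code) counts stunnel processes by effective UID and lists the ones still running as root. The process name `stunnel`, the sample PIDs and UID 105 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: count stunnel processes by effective UID to see which
# ones kept root after startup. Input lines use the layout produced by
#   ps -eo pid=,euid=,comm=

# Assumption: the daemon's process name is "stunnel"; override with PROC_NAME.
PROC_NAME="${PROC_NAME:-stunnel}"

# Constructed sample mirroring the thread: five helpers still at euid 0
# and one process that switched to the configured user (UID 105 is made up).
sample_ps() {
    cat <<'EOF'
 2101     0 stunnel
 2102     0 stunnel
 2103     0 stunnel
 2104     0 stunnel
 2105     0 stunnel
 2106   105 stunnel
  812     0 sshd
EOF
}

# Print "root=N dropped=M" for the matching processes read from stdin.
audit_stunnel() {
    awk -v name="$PROC_NAME" '
        $3 == name { if ($2 == 0) root++; else dropped++ }
        END { printf "root=%d dropped=%d\n", root, dropped }'
}

# Print the PIDs of matching processes that still run with euid 0.
root_stunnel_pids() {
    awk -v name="$PROC_NAME" '$3 == name && $2 == 0 { print $1 }'
}

# Default: run on the constructed sample. With --live: audit this host.
if [ "${1:-}" = "--live" ]; then
    ps -eo pid=,euid=,comm= | audit_stunnel
else
    sample_ps | audit_stunnel
fi
```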