Hi,
I recently stumbled on http://mirt.net/pipermail/stunnel-users/2008-May/001977.html which is exactly what I am seeing with version 4.27 of stunnel, namely the daemon is not switching to the setuid/setgid specified in the config before it is spawned.
This means that I get 6 processes, 5 run as root with only one (albeit the one listening on the specified sockets) dropping privs to the specified user.
The follow-up response from Mike was:
I'll modify stunnel to delay spawning libwrap processes until privileges are dropped.
and indeed, I find in the Changelog file for version 4.25 the following Bugfixes:
* Bugfixes - Spawning libwrap processes delayed until privileges are dropped.
However, it seems that either this fix didn't make it in, or it somehow managed to creep its way back out because it is happening in 4.27.
Thanks, micah
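
A way to check for the condition reported above, as an added example that is not part of the original message or of stunnel: a shell function that reads `ps -eo pid=,user=,comm=` output and lists every stunnel process not running as the configured setuid user. The user name `stunnel`, the function names and the sample process table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report stunnel processes that did not drop to the
# configured setuid user.
# Input on stdin: lines of "PID USER COMMAND", as printed by
#   ps -eo pid=,user=,comm=

find_undropped() {
    # $1 = user expected after the privilege drop (the config's setuid value)
    # $2 = process name to match (default: stunnel)
    # Prints "PID USER" for each offending process; returns 1 if any exist.
    awk -v want="$1" -v name="${2:-stunnel}" '
        $3 == name && $2 != want { print $1 " " $2; bad = 1 }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample matching the report: six stunnel processes, five of
# them still root, plus one unrelated root process that must be ignored.
sample_ps() {
    cat <<'EOF'
  101 root     stunnel
  102 root     stunnel
  103 root     stunnel
  104 root     stunnel
  105 root     stunnel
  106 stunnel  stunnel
  200 root     sshd
EOF
}

# Live use (assumes the setuid user is named "stunnel"):
#   ps -eo pid=,user=,comm= | find_undropped stunnel
```

On the sample table the function prints the five root-owned PIDs and returns 1; `ps` may truncate long user names in the `user` column, so compare against what `ps` actually prints for the configured account.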