[stunnel-users] privileges not dropped before libwrap processes are spawned
Michal Trojnara
Michal.Trojnara at mirt.net
Wed Nov 25 21:01:37 CET 2009
Micah Anderson wrote:
> I recently stumbled on
> http://mirt.net/pipermail/stunnel-users/2008-May/001977.html which is
> exactly what I am seeing with version 4.27 of stunnel, namely the
> daemon
> is not switching to the setuid/setgid specified in the config before
> it
> is spawned.
>
> This means that I get 6 processes, 5 run as root with only one (albeit
> the one lisenting on the specified sockets) dropping privs to the
> specified user.
That's how it was designed. 5 helper processes that only perform
libwrap checking do not perform chroot/setuid/setgid. If you don't
like it just disable libwrap support:
./configure --disable-libwrap && make clean && make && make install
Best regards,
Mike
More information about the stunnel-users
mailing list