Date: Sun, 22 Dec 2002 18:54:49 +0100
From: Peter van Dijk <peter@...aloss.nl>
To: popa3d-users@...ts.openwall.com
Subject: Re: Question about using popa3d and stunnel

On Sun, Dec 22, 2002 at 07:20:51PM +0300, Solar Designer wrote:
[snip]
> It's a really good idea to have stunnel running as a dedicated
> pseudo-user (I don't know if this still requires patching, it used
> to).  There have been numerous security holes discovered in both
> stunnel itself and in OpenSSL that it uses.

From the manpage:
       -s username
           setuid() to username in daemon mode

       -g groupname
           setgid() to groupname in daemon mode. Clears all other
           groups.

This is stunnel 3.22 from the FreeBSD ports. Above functionality does
not seem to come from a patch applied by the port.

Greetz, Peter
-- 
peter@...aloss.nl  |  http://www.dataloss.nl/  |  Undernet:#clue
http://www.blinkenlights.nl/party/ - birthday party (page in Dutch)
all geeks invited - send mail to party@...nkenlights.nl for more info
