Issue 9168: setuid in smtp.py sheds privileges before binding port
Created on 2010-07-05 16:20 by alfmel, last changed 2022-04-11 14:57 by admin. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| smtpd.py-0.2-setuid-fix.diff | alfmel, 2010-07-05 16:20 | Fix setuid/bind order patch | ||
| smtpd.py-0.2-setuid-fix_v2.diff | petri.lehtinen, 2011-10-20 08:59 | Fix setuid/bind order | ||
| Messages (6) | |||
|---|---|---|---|
| msg109336 - (view) | Author: Alberto Trevino (alfmel) | Date: 2010-07-05 16:20 | |
The SMTP proxy server in Python (smtpd.py) allows you to shed privileges and run as user nobody. However, if you are trying to use port 25, the server will shed privileges before binding the port, causing a bind failure. By moving the setuid code between the creation of the proxy server and the aysncore loop, we can bind a port below 1024 and run as nobody. |
|||
| msg113940 - (view) | Author: Alberto Trevino (alfmel) | Date: 2010-08-15 04:10 | |
I haven't heard anything on this problem or my patch. What's the status? |
|||
| msg146012 - (view) | Author: Petri Lehtinen (petri.lehtinen) *  |
Date: 2011-10-20 08:59 | |
The patch looks good to me and fixes the problem. To reproduce, try this:
sudo python -m smtpd 127.0.0.1:25
It raises a "socket.error: [Errno 13] Permission denied" when trying to bind to the privileged port.
Attached a refreshed the patch that applies cleanly on top of current 2.7 branch.
|
|||
| msg146052 - (view) | Author: Roundup Robot (python-dev)  |
Date: 2011-10-20 21:15 | |
New changeset 7d92b94b0eec by Florent Xicluna in branch '3.2': Issue #9168: now smtpd is able to bind privileged port. http://hg.python.org/cpython/rev/7d92b94b0eec New changeset bbd92b42508e by Florent Xicluna in branch 'default': Issue #9168: now smtpd is able to bind privileged port. http://hg.python.org/cpython/rev/bbd92b42508e |
|||
| msg146053 - (view) | Author: Roundup Robot (python-dev) |
Date: 2011-10-20 21:22 | |
New changeset d2f303861c98 by Florent Xicluna in branch '2.7': Issue #9168: now smtpd is able to bind privileged port. http://hg.python.org/cpython/rev/d2f303861c98 |
|||
| msg146054 - (view) | Author: Florent Xicluna (flox) * |
Date: 2011-10-20 21:30 | |
Fixed. Thank you for the patch. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:57:03 | admin | set | github: 53414 |
| 2011-10-20 21:30:32 | flox | set | status: open -> closed nosy:
+ flox resolution: fixed |
| 2011-10-20 21:22:25 | python-dev | set | messages: + msg146053 |
| 2011-10-20 21:15:43 | python-dev | set | nosy:
+ python-dev messages: + msg146052 |
| 2011-10-20 08:59:55 | petri.lehtinen | set | files:
+ smtpd.py-0.2-setuid-fix_v2.diff versions: - Python 3.1 nosy: + petri.lehtinen messages: + msg146012 |
| 2011-02-04 01:21:19 | eric.araujo | set | keywords:
+ needs review nosy: barry, giampaolo.rodola, alfmel versions: + Python 2.7, Python 3.2, Python 3.3 type: crash -> behavior stage: patch review |
| 2010-08-15 04:10:33 | alfmel | set | messages: + msg113940 |
| 2010-08-06 00:26:36 | alfmel | set | type: crash versions: + Python 3.1, - Python 3.2 |
| 2010-07-05 17:27:32 | giampaolo.rodola | set | nosy:
+ giampaolo.rodola |
| 2010-07-05 16:20:39 | alfmel | create | |