diff options
author | John Denker <jsd@av8n.com> | 2012-07-22 14:43:07 -0700 |
---|---|---|
committer | John Denker <jsd@av8n.com> | 2012-07-29 15:32:35 -0700 |
commit | abb71cf6b1145588827d04de4da3bb48ecb06965 (patch) | |
tree | 1f409a70481aaf980cc917d4a45551e1725beb7d /tools | |
parent | 8ce08aca2410c795dfc46f37dc27402ff6de5dd1 (diff) |
set program gid (not just egid) the way mailman likes it
Diffstat (limited to 'tools')
-rw-r--r-- | tools/makefile | 22 | ||||
-rw-r--r-- | tools/wripper.c | 53 |
2 files changed, 69 insertions, 6 deletions
diff --git a/tools/makefile b/tools/makefile index 9059a2f..43418ce 100644 --- a/tools/makefile +++ b/tools/makefile @@ -10,18 +10,24 @@ CC= /usr/bin/g++ -Wall -g -I $(HOME)/lib/include .SECONDARY : # do not remove any intermediate files -progs = pido hi-q skrewt hi-test mail-scan greylist +qprogs = pido hi-q skrewt hi-test mail-scan greylist wripper -all: $(progs) +all: $(qprogs) wripper -greylist: greylist.c +greylist: greylist.o $(CC) $< -lboost_filesystem-mt -o $@ +wripper: wripper.o + $(CC) $< -o $@ + chgrp daemon $@ + chmod g+s $@ + mail-scan: mail-scan.o $(CC) $< -lboost_regex -o $@ install: - install $(progs) /var/qmail/bin/ + install $(qprogs) /var/qmail/bin/ + install -gdaemon -m2755 wripper /usr/lib/mailman/mail/ cp filters.conf aufilters.conf /var/qmail/control/ install -m700 -d /var/qmail/rbin chown qmaild /var/qmail/rbin @@ -43,14 +49,18 @@ install: logmark: logger -t jsd -p mail.info ========================= -todo: +# Command to let everybody out of the penalty box: +parole: + greylist -scan |grep penalty | while read addr rest ; do TCPREMOTEIP=$addr greylist -p 1 -v ; done + +todo: echo \ pass message-ID to greylist program \ ... also provide a way for certain recipients to bypass some checks \ ... both will require major restructuring, "cat" process \ ... IPv6 reverse-DNS recors \ ... "clean up bad DNS reports nnnn --> () ==> ()" \ - ..... + ..... ALWAYS: @echo ... diff --git a/tools/wripper.c b/tools/wripper.c new file mode 100644 index 0000000..2a19c8b --- /dev/null +++ b/tools/wripper.c @@ -0,0 +1,53 @@ +////////////// + +using namespace std; +#include <iostream> +#include <string> +#include <unistd.h> +#include <sys/types.h> +#include <stdio.h> /* for perror() */ + +string dirname(const string path){ + size_t where = path.rfind("/"); + if (where == string::npos) return "."; + return path.substr(0, where); +} + +int main(int argc, char** argv){ + int uid=getuid(); + int euid=geteuid(); + int gid=getgid(); + int egid=getegid(); + int sts; + int verbosity(0); + + if (verbosity) cout << "uid: " << uid + << " euid: " << euid + << " gid: " << gid + << " egid: " << egid + << endl; + + sts = setreuid(euid, euid); + if (sts){ + cerr << "wripper: setreuid failed: "; + perror(0); + } + + sts = setregid(egid, egid); + if (sts){ + cerr << "wripper: setregid failed: "; + perror(0); + } + + if (verbosity) cout << "uid: " << getuid() + << " euid: " << geteuid() + << " gid: " << getgid() + << " egid: " << getegid() + << endl; + + string path = dirname(*argv) + "/mailman"; + *argv = (char*) path.c_str(); + execv(*argv, argv); + cerr << "wripper: exec failed for '" << *argv << "' : "; + perror(0); +} |