[issue9168] setuid in smtp.py sheds privileges before binding port

Alberto Trevino report at bugs.python.org
Mon Jul 5 18:20:41 CEST 2010


New submission from Alberto Trevino <alberto at byu.edu>:

The SMTP proxy server in Python (smtpd.py) allows you to shed privileges and run as user nobody. However, if you are trying to use port 25, the server will shed privileges before binding the port, causing a bind failure. By moving the setuid code between the creation of the proxy server and the aysncore loop, we can bind a port below 1024 and run as nobody.

----------
components: Library (Lib)
files: smtpd.py-0.2-setuid-fix.diff
keywords: patch
messages: 109336
nosy: alfmel, barry
priority: normal
severity: normal
status: open
title: setuid in smtp.py sheds privileges before binding port
versions: Python 3.2
Added file: http://bugs.python.org/file17871/smtpd.py-0.2-setuid-fix.diff

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue9168>
_______________________________________


More information about the Python-bugs-list mailing list