Milter-greylist

manu@... writes:

>> + if (initgroups(conf.c_user, pw->pw_gid) != 0) {
>> ...
>> + if (setgid(pw->pw_gid) != 0 ||
>> + setegid(pw->pw_gid) != 0) {
> ...
> I'm ready to commit that, but I'm concerned about initgroups() not
> being portable. Any input on that?

Just execute a configure.ac test (e.g.

--------
AC_MSG_CHECKING([whether initgroups() is available])
AC_TRY_LINK([
#define _BSD_SOURCE
#include <grp.h>
#include <sys/types.h>],
[initgroups("foo", 42);],
[grmilt_have_initgroups=yes],
[grmilt_have_initgroups=no])
AC_MSG_RESULT($grmilt_have_initgroups)
if test x"$grmilt_have_initgroups" = xyes; then
AC_DEFINE(GRMILT_HAVE_INITGROUPS, 1, [Define to 1 when initgroups(3) is available])
fi
--------

), put the statement above into an '#ifdef GRMILT_HAVE_INITGROUPS
... #endif' block and issue a big fat warning when initgroups() is not
available.



As Eugen noticed, setregid() shall be used instead of the setgid() +
setegid() sequence. Accordingly SUSv3, 'setregid(2)' was "first released
in Issue 4, Version 2.", but setegid(2) is younger because it was "first
released in Issue 6.".


I see that you applied both my 'daemon --user=...' patch for the
initscripts and the initgroups patch in 2.0beta1. Sorry, that I was
unclear about this, but they will not work together so please revert
the milter-greylist-1.6-user.patch.




Enrico