Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20021222175449.GA56226@dataloss.nl>
Date: Sun, 22 Dec 2002 18:54:49 +0100
From: Peter van Dijk <peter@...aloss.nl>
To: popa3d-users@...ts.openwall.com
Subject: Re: Question about using popa3d and stunnel

On Sun, Dec 22, 2002 at 07:20:51PM +0300, Solar Designer wrote:
[snip]
> It's a really good idea to have stunnel running as a dedicated
> pseudo-user (I don't know if this still requires patching, it used
> to).  There have been numerous security holes discovered in both
> stunnel itself and in OpenSSL that it uses.

>From the manpage:
       -s username
           setuid() to username in daemon mode

       -g groupname
           setgid() to groupname in daemon mode. Clears all other
           groups.

This is stunnel 3.22 from the FreeBSD ports. Above functionality does
not seem to come from a patch applied by the port.

Greetz, Peter
-- 
peter@...aloss.nl  |  http://www.dataloss.nl/  |  Undernet:#clue
http://www.blinkenlights.nl/party/ - birthday party (page in Dutch)
all geeks invited - send mail to party@...nkenlights.nl for more info

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.