inndstart security model fix

Russ Allbery rra at
Tue Sep 7 17:46:30 UTC 1999

Russ Allbery <rra at Stanford.EDU> writes:

> I believe that the following security model will prevent that, or at
> least make it extremely difficult.  I'm working on implementing it right
> now.  Any strong objections or critique?

Rewrite finished and tested, so if anyone objects, yell now.  Otherwise,
I'm going to check it in.

I also cleaned up a whole bunch of other stuff, added more informative
error messages in a few places, switched from sprintf() to concat(), fixed
inndstart to allow spaces in options (-P 1999 as well as -P1999), and
dropped privileges for reading inn.conf and for some of the other parts of
the code that didn't need privileges.

I'd send the patch, but it would be rather meaningless as I basically
rewrote the whole file.

Russ Allbery (rra at         <URL:>

More information about the inn-workers mailing list