[sslh] [FW: Re: sslh-1.10 OS X issue and patch]

Yves Rutschle yves at naryves.com
Tue Jan 10 18:33:36 CET 2012


See the rest of our conversation which got lost from the
list...

Bud, this also answers your problem: the change in
ownership of the PID file is really only a problem when
upgrading to sslh-1.10.

----- Forwarded message from Aaron Madlon-Kay <aaron at madlon-kay.com> -----

Date: Sun, 1 Jan 2012 20:04:08 +0900
From: Aaron Madlon-Kay <aaron at madlon-kay.com>
To: Yves Rutschle <yves at naryves.com>
Subject: Re: sslh-1.10 OS X issue and patch

Yves,

Thanks for the clarification. It turns out that this is only a problem if you have previously run sslh-1.9, in which case you will almost certainly have a preexisting /var/run/sslh.pid that is owned by root. If this file is simply removed then sslh will recreate the file with permissions such that the problem no longer occurs.

Thanks again,
Aaron


On 2012/01/01, at 19:17, Yves Rutschle wrote:

> On Sun, Jan 01, 2012 at 11:17:36AM +0900, Aaron Madlon-Kay wrote:
>> Hello Yves. Happy New Year and all that :)
> 
> Same here!
> 
>> The program immediately exits after this. The issue can be avoided by specifying "-u root", but this seems undesirable. I tried changing the code to write the pid file before dropping privileges and it seems to work fine. Please see the attached patch.
> 
> Crap, I thought I wrote something about that in the release
> notes but apparently didn't.
> 
> This is the intended behaviour, the goal being to reduce
> what is done as root. Obviously -u root is bad, the "proper"
> solution is to either `chown sslh:sslh /var/run/sslh.pid`
> (which is what I've done on my system) or create a directory
> owned by the sslh user (which is the policy that the Debian
> maintainer used, I think that's common in Debian
> considering the number of sub-directories in /var/run).
> 
> Y.



----- End forwarded message -----
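
Added example, not part of the original thread or of sslh: a pre-upgrade check for the situation discussed above, reporting whether an existing PID file is a regular file owned by the unprivileged user sslh runs as. The path /var/run/sslh.pid and the user name sslh are taken from the thread; the function names pidfile_status and pidfile_advice are hypothetical.

```shell
#!/bin/sh
# Added example (not sslh code). Reports whether a PID file left behind by an
# earlier run can be reused after privileges are dropped to USER.

# pidfile_status PIDFILE USER
# Prints: absent - nothing exists at PIDFILE
#         ok     - PIDFILE is a regular file owned by USER
#         stale  - PIDFILE exists but is not a regular file owned by USER
#                  (for example a root-owned file left by sslh-1.9, or a symlink)
pidfile_status() {
    pidfile=$1
    user=$2
    if [ ! -e "$pidfile" ] && [ ! -L "$pidfile" ]; then
        echo absent
        return 0
    fi
    # find -user is POSIX, so the same test works on OS X and Linux
    # (the flags of stat differ between the two). find does not follow
    # symlinks here, so a symlink never matches -type f.
    if [ -n "$(find "$pidfile" -prune -type f -user "$user" 2>/dev/null)" ]; then
        echo ok
    else
        echo stale
    fi
}

# pidfile_advice PIDFILE USER
# Prints one line naming the remedy from the thread that applies.
pidfile_advice() {
    case $(pidfile_status "$1" "$2") in
        absent) echo "$1: absent, sslh will create it on start" ;;
        ok)     echo "$1: owned by $2, nothing to do" ;;
        stale)  echo "$1: not owned by $2, run: chown $2 $1 (or remove the file)" ;;
    esac
}

# Run as a script: sh check_pidfile.sh /var/run/sslh.pid sslh
if [ $# -ge 2 ]; then
    pidfile_advice "$1" "$2"
fi
```

The check only reads metadata and prints advice; the chown or removal itself still has to be run as root before starting sslh-1.10.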


