Bug 90468 - gld does not run under a least-privilege user in the default config
Summary: gld does not run under a least-privilege user in the default config
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Default Configs
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-04-26 02:02 UTC by Alexander Stoll
Modified: 2005-04-27 05:02 UTC
CC List: 0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Description Alexander Stoll 2005-04-26 02:02:55 UTC
Gld, a standalone greylisting daemon for postfix, does not run as a dedicated, least-privileged user on the system in the default config. As demonstrated by bug #88904, this puts the system at a totally unneeded higher risk. A dedicated user should be generated on the system at package install, for example like the djbdns package already does.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Actual Results:  
If the default config is not altered, the daemon runs at root privilege, exposing the
whole system to an unnecessary risk.

Expected Results:  
A dedicated user "gld" should be generated on the system at package install and
the existence of such a user verified at upgrade and used by default config
"gld.conf.sample".
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-04-26 02:30:41 UTC
This should have been fixed by the recent gld GLSA... Recent versions of gld should by default (1) listen on loopback addresses only, (2) run as user/group nobody, since the ebuild makes modifications to the /etc/gld.conf.sample file:

dosed 's:^LOOPBACKONLY=.*:LOOPBACKONLY=1:' /etc/gld.conf.sample
dosed 's:^#USER=.*:USER=nobody:' /etc/gld.conf.sample
dosed 's:^#GROUP=.*:GROUP=nobody:' /etc/gld.conf.sample
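The following is an added example, not part of this bug report or of the gld ebuild. It reproduces the three substitutions Comment 1 says the ebuild applies to /etc/gld.conf.sample, on a constructed stand-in for that file, and then checks the two properties the bug is about: that the configured user and group are not root (and not left unset, which would leave the daemon at the privilege it started with) and that the listener is loopback-only. The file layout and key names (LOOPBACKONLY, USER, GROUP, PORT) are assumed from the dosed lines above; the real gld sample config may contain more.

```shell
#!/bin/sh
# Added example (not from the bug or the gld ebuild): apply the ebuild's
# three sed edits to a constructed copy of gld.conf.sample and verify the
# result drops root and binds to loopback only.

# Constructed stand-in for the upstream sample config: defaults commented
# out, exactly the shape the dosed patterns expect. Assumption, not upstream.
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed gld.conf.sample stand-in
LOOPBACKONLY=0
#USER=gld
#GROUP=gld
PORT=2525
EOF
}

# Same substitutions as the ebuild's dosed calls, applied with plain sed
# (written through a temp file so it works without GNU sed -i).
harden_conf() {
    sed -e 's:^LOOPBACKONLY=.*:LOOPBACKONLY=1:' \
        -e 's:^#USER=.*:USER=nobody:' \
        -e 's:^#GROUP=.*:GROUP=nobody:' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Returns 0 if the config would make gld run as a non-root user and group
# and listen on loopback only; 1 otherwise. A missing or commented-out
# USER/GROUP line counts as root, since nothing then tells the daemon to
# drop privileges.
check_conf() {
    user=$(sed -n 's/^USER=//p' "$1")
    group=$(sed -n 's/^GROUP=//p' "$1")
    loop=$(sed -n 's/^LOOPBACKONLY=//p' "$1")
    [ -n "$user" ] && [ "$user" != root ] || return 1
    [ -n "$group" ] && [ "$group" != root ] || return 1
    [ "$loop" = 1 ] || return 1
    return 0
}

# Stand-alone run: show the before/after verdict on a temp file.
if [ "${0##*/}" != "sh" ] && [ -z "$GLD_CHECK_NO_MAIN" ]; then
    f=$(mktemp)
    make_sample_conf "$f"
    check_conf "$f" && echo "before: ok" || echo "before: runs as root (unsafe)"
    harden_conf "$f"
    check_conf "$f" && echo "after: ok" || echo "after: still unsafe"
    rm -f "$f"
fi
```

check_conf only inspects the file; it says what the config asks for, not what a running process actually did, so on a live system it complements rather than replaces looking at the daemon's effective uid.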
Comment 2 Alexander Stoll 2005-04-27 02:59:58 UTC
OK, if you think adding a special user is too paranoid, please close this bug.
Thanks for looking into this.
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-04-27 05:02:55 UTC
Well, running as nobody in the default config is sufficiently secure for us. However, you might post an ebuild enhancement request (assigned to package maintainer) to switch to a specific user, as it will be even more secure.