This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: setuid in smtp.py sheds privileges before binding port
Type: behavior Stage: resolved
Components: Library (Lib) Versions: Python 3.2, Python 3.3, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: alfmel, barry, flox, giampaolo.rodola, petri.lehtinen, python-dev
Priority: normal Keywords: needs review, patch

Created on 2010-07-05 16:20 by alfmel, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
smtpd.py-0.2-setuid-fix.diff alfmel, 2010-07-05 16:20 Fix setuid/bind order patch
smtpd.py-0.2-setuid-fix_v2.diff petri.lehtinen, 2011-10-20 08:59 Fix setuid/bind order
Messages (6)
msg109336 - (view) Author: Alberto Trevino (alfmel) Date: 2010-07-05 16:20
The SMTP proxy server in Python (smtpd.py) allows you to shed privileges and run as user nobody. However, if you are trying to use port 25, the server will shed privileges before binding the port, causing a bind failure. By moving the setuid code between the creation of the proxy server and the aysncore loop, we can bind a port below 1024 and run as nobody.
msg113940 - (view) Author: Alberto Trevino (alfmel) Date: 2010-08-15 04:10
I haven't heard anything on this problem or my patch.  What's the status?
msg146012 - (view) Author: Petri Lehtinen (petri.lehtinen) * (Python committer) Date: 2011-10-20 08:59
The patch looks good to me and fixes the problem. To reproduce, try this:

    sudo python -m smtpd 127.0.0.1:25

It raises a "socket.error: [Errno 13] Permission denied" when trying to bind to the privileged port.

Attached a refreshed the patch that applies cleanly on top of current 2.7 branch.
msg146052 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2011-10-20 21:15
New changeset 7d92b94b0eec by Florent Xicluna in branch '3.2':
Issue #9168: now smtpd is able to bind privileged port.
http://hg.python.org/cpython/rev/7d92b94b0eec

New changeset bbd92b42508e by Florent Xicluna in branch 'default':
Issue #9168: now smtpd is able to bind privileged port.
http://hg.python.org/cpython/rev/bbd92b42508e
msg146053 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2011-10-20 21:22
New changeset d2f303861c98 by Florent Xicluna in branch '2.7':
Issue #9168: now smtpd is able to bind privileged port.
http://hg.python.org/cpython/rev/d2f303861c98
msg146054 - (view) Author: Florent Xicluna (flox) * (Python committer) Date: 2011-10-20 21:30
Fixed. Thank you for the patch.
History
Date User Action Args
2022-04-11 14:57:03adminsetgithub: 53414
2011-10-20 21:30:32floxsetstatus: open -> closed

nosy: + flox
messages: + msg146054

resolution: fixed
stage: patch review -> resolved
2011-10-20 21:22:25python-devsetmessages: + msg146053
2011-10-20 21:15:43python-devsetnosy: + python-dev
messages: + msg146052
2011-10-20 08:59:55petri.lehtinensetfiles: + smtpd.py-0.2-setuid-fix_v2.diff
versions: - Python 3.1
nosy: + petri.lehtinen

messages: + msg146012
2011-02-04 01:21:19eric.araujosetkeywords: + needs review
nosy: barry, giampaolo.rodola, alfmel
versions: + Python 2.7, Python 3.2, Python 3.3
type: crash -> behavior
stage: patch review
2010-08-15 04:10:33alfmelsetmessages: + msg113940
2010-08-06 00:26:36alfmelsettype: crash
versions: + Python 3.1, - Python 3.2
2010-07-05 17:27:32giampaolo.rodolasetnosy: + giampaolo.rodola
2010-07-05 16:20:39alfmelcreate