This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: setuid in sheds privileges before binding port
Type: behavior Stage: resolved
Components: Library (Lib) Versions: Python 3.2, Python 3.3, Python 2.7
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: alfmel, barry, flox, giampaolo.rodola, petri.lehtinen, python-dev
Priority: normal Keywords: needs review, patch

Created on 2010-07-05 16:20 by alfmel, last changed 2022-04-11 14:57 by admin. This issue is now closed.

File name Uploaded Description Edit alfmel, 2010-07-05 16:20 Fix setuid/bind order patch petri.lehtinen, 2011-10-20 08:59 Fix setuid/bind order
Messages (6)
msg109336 - (view) Author: Alberto Trevino (alfmel) Date: 2010-07-05 16:20
The SMTP proxy server in Python ( allows you to shed privileges and run as user nobody. However, if you are trying to use port 25, the server will shed privileges before binding the port, causing a bind failure. By moving the setuid code between the creation of the proxy server and the aysncore loop, we can bind a port below 1024 and run as nobody.
msg113940 - (view) Author: Alberto Trevino (alfmel) Date: 2010-08-15 04:10
I haven't heard anything on this problem or my patch.  What's the status?
msg146012 - (view) Author: Petri Lehtinen (petri.lehtinen) * (Python committer) Date: 2011-10-20 08:59
The patch looks good to me and fixes the problem. To reproduce, try this:

    sudo python -m smtpd

It raises a "socket.error: [Errno 13] Permission denied" when trying to bind to the privileged port.

Attached a refreshed the patch that applies cleanly on top of current 2.7 branch.
msg146052 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2011-10-20 21:15
New changeset 7d92b94b0eec by Florent Xicluna in branch '3.2':
Issue #9168: now smtpd is able to bind privileged port.

New changeset bbd92b42508e by Florent Xicluna in branch 'default':
Issue #9168: now smtpd is able to bind privileged port.
msg146053 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2011-10-20 21:22
New changeset d2f303861c98 by Florent Xicluna in branch '2.7':
Issue #9168: now smtpd is able to bind privileged port.
msg146054 - (view) Author: Florent Xicluna (flox) * (Python committer) Date: 2011-10-20 21:30
Fixed. Thank you for the patch.
Date User Action Args
2022-04-11 14:57:03adminsetgithub: 53414
2011-10-20 21:30:32floxsetstatus: open -> closed

nosy: + flox
messages: + msg146054

resolution: fixed
stage: patch review -> resolved
2011-10-20 21:22:25python-devsetmessages: + msg146053
2011-10-20 21:15:43python-devsetnosy: + python-dev
messages: + msg146052
2011-10-20 08:59:55petri.lehtinensetfiles: +
versions: - Python 3.1
nosy: + petri.lehtinen

messages: + msg146012
2011-02-04 01:21:19eric.araujosetkeywords: + needs review
nosy: barry, giampaolo.rodola, alfmel
versions: + Python 2.7, Python 3.2, Python 3.3
type: crash -> behavior
stage: patch review
2010-08-15 04:10:33alfmelsetmessages: + msg113940
2010-08-06 00:26:36alfmelsettype: crash
versions: + Python 3.1, - Python 3.2
2010-07-05 17:27:32giampaolo.rodolasetnosy: + giampaolo.rodola
2010-07-05 16:20:39alfmelcreate