From b2f94206b1d0de36af7688f8139302db94982cae Mon Sep 17 00:00:00 2001 From: Nikolaus Schulz Date: Fri, 2 Nov 2007 20:26:40 +0000 Subject: Deprecate the old automatic seteuid feature; document this in the manpage and changelog, and let archivemail spit a warning when it changes the effective user id. --- CHANGELOG | 2 ++ archivemail.py | 2 ++ archivemail.sgml | 6 ++++++ 3 files changed, 10 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 65a2155..df24916 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -17,6 +17,8 @@ Version 0.7.1 - UNRELEASED Closes: #981865, #988803, #1764851, Debian bug #434798 * If running as root, only switch the effective uid and gid back if we have actually switched them before. Closes: #1762907 + * The automatic seteuid feature of archivemail is insecure and thus + deprecated; it will be removed from later versions. Version 0.7.0 - 2 November 2006 * Fixed long options --filter-append and --pwfile to accept their arguments. diff --git a/archivemail.py b/archivemail.py index 170f5a8..d0e1578 100755 --- a/archivemail.py +++ b/archivemail.py @@ -1132,6 +1132,8 @@ def archive(mailbox_name): os.setegid(mailbox_group) vprint("changing effective user id to: %d" % mailbox_user) os.seteuid(mailbox_user) + user_warning("changing effective user id: this automatic feature " + "is deprecated and will be removed from later versions.") old_temp_dir = tempfile.tempdir try: diff --git a/archivemail.sgml b/archivemail.sgml index 8efef1a..3ce582e 100644 --- a/archivemail.sgml +++ b/archivemail.sgml @@ -100,6 +100,12 @@ See below for more Warning: + + this automatic seteuid feature is insecure and deprecated. + It will be removed from later versions of -- cgit v1.2.3