Effective, Real and Group id switching for daemons

I'm working to improve ASSP's support for *nix environments. (ASSP, http://assp.sourceforge.net, is an anti-spam smtp proxy written in Perl.) One of the important features is to be able to run as non-root after we start listening on port 25. I had a couple of questions for those wiser than I.
First is it important to switch the real uid as well? It might be nice to preserve the real uid so I can switch back to root if they kill -HUP and I need to switch ports. But in the event of a perl-based vulnerability and I changed the effective-uid but not real-uid I suppose the clever hacker would switch the effective-uid back if possible. So I probably need to do that, right?

Secondly do I need to give the option to switch effective and real group id as well? I suppose root group might be able to do something a hacker shouldn't, even after they've lost root euid, right?

Finally, this code has to have been written 1000 times, but I couldn't find it anywhere. Can someone point me to an opensource perl server daemon that I can swipe code from? Or perhaps email me their prized nuget from their own project with permission to recycle?

Thanks tons,
John Received on Sat Jan 25 04:28:58 2003