[dovecot-cvs] dovecot/src/master auth-process.c,1.29,1.30 settings.c,1.43,1.44

cras at procontrol.fi cras at procontrol.fi
Mon Jan 27 04:42:04 EET 2003 

Update of /home/cvs/dovecot/src/master
In directory danu:/tmp/cvs-serv225/src/master

Modified Files:
	auth-process.c settings.c 
Log Message:
Authentication named socket permissions were insecure, an exploited login
process could have replaced it with it's own and began reading plaintext
passwords sent by other login processes.



Index: auth-process.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/auth-process.c,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -d -r1.29 -r1.30
--- auth-process.c	27 Jan 2003 01:44:34 -0000	1.29
+++ auth-process.c	27 Jan 2003 02:42:02 -0000	1.30
@@ -272,7 +272,7 @@
 	/* create socket for listening auth requests from imap-login */
 	path = t_strconcat(set_login_dir, "/", config->name, NULL);
 	(void)unlink(path);
-        (void)umask(0177); /* we want 0600 mode for the socket */
+        (void)umask(0117); /* we want 0660 mode for the socket */
 
 	listen_fd = net_listen_unix(path);
 	if (listen_fd < 0)
@@ -281,7 +281,7 @@
 	i_assert(listen_fd > 2);
 
 	/* set correct permissions */
-	if (chown(path, set_login_uid, set_login_gid) < 0) {
+	if (chown(path, geteuid(), set_login_gid) < 0) {
 		i_fatal("login: chown(%s, %s, %s) failed: %m",
 			path, dec2str(set_login_uid), dec2str(set_login_gid));
 	}

Index: settings.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/settings.c,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -d -r1.43 -r1.44
--- settings.c	27 Jan 2003 01:33:40 -0000	1.43
+++ settings.c	27 Jan 2003 02:42:02 -0000	1.44
@@ -273,9 +273,10 @@
 	if (unlink_directory(set_login_dir, FALSE) < 0)
 		i_fatal("unlink_directory() failed for %s: %m", set_login_dir);
 
-	if (safe_mkdir(set_login_dir, 0700, set_login_uid, set_login_gid) == 0)
+	if (safe_mkdir(set_login_dir, 0750, geteuid(), set_login_gid) == 0) {
 		i_warning("Corrected permissions for login directory %s",
 			  set_login_dir);
+	}
 
 	if (set_max_imap_processes < 1)
 		i_fatal("max_imap_processes must be at least 1");

More information about the dovecot-cvs mailing list