[dovecot-cvs] dovecot/src/master auth-process.c,1.45,1.46
login-process.c,1.45,1.46 mail-process.c,1.21,1.22
cras at procontrol.fi
cras at procontrol.fi
Mon May 26 19:26:31 EEST 2003
Update of /home/cvs/dovecot/src/master
In directory danu:/tmp/cvs-serv10925/src/master
Modified Files:
auth-process.c login-process.c mail-process.c
Log Message:
Allow first_valid_gid to be 0. Drop any supplementary groups not in valid
gid range.
Index: auth-process.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/auth-process.c,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -d -r1.45 -r1.46
--- auth-process.c 23 May 2003 14:40:50 -0000 1.45
+++ auth-process.c 26 May 2003 15:26:29 -0000 1.46
@@ -309,7 +309,7 @@
/* setup access environment */
restrict_access_set_env(group->set->user, pwd->pw_uid, pwd->pw_gid,
- group->set->chroot);
+ group->set->chroot, 0, 0);
/* set other environment */
env_put(t_strconcat("AUTH_PROCESS=", dec2str(getpid()), NULL));
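Review bot: The trailing `0, 0` passed to restrict_access_set_env() are unexplained literals; judging from the mail-process.c call later in this commit they are first_valid_gid and last_valid_gid, so here they presumably mean "no gid range restriction". That reading only holds if the callee, which is not shown, treats last_valid_gid == 0 as "no upper bound" the way the range check in mail-process.c does. If it took 0..0 as a closed range, every supplementary group other than gid 0 would be dropped for this process. A comment such as `/* 0, 0 = don't filter supplementary groups by gid range */` would make the intent explicit. The same applies to the login-process.c hunk, and the enclosing function starts and ends outside this hunk.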
Index: login-process.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/login-process.c,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -d -r1.45 -r1.46
--- login-process.c 23 May 2003 14:40:50 -0000 1.45
+++ login-process.c 26 May 2003 15:26:29 -0000 1.46
@@ -390,7 +390,8 @@
clean_child_process() since it clears environment */
restrict_access_set_env(group->set->user,
group->set->uid, set->login_gid,
- set->login_chroot ? set->login_dir : NULL);
+ set->login_chroot ? set->login_dir : NULL,
+ 0, 0);
env_put("DOVECOT_MASTER=1");
Index: mail-process.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/mail-process.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- mail-process.c 18 May 2003 16:37:05 -0000 1.21
+++ mail-process.c 26 May 2003 15:26:29 -0000 1.22
@@ -25,11 +25,6 @@
return FALSE;
}
- if (uid != 0 && gid == 0) {
- i_error("mail process isn't allowed to be in group 0");
- return FALSE;
- }
-
if (uid < (uid_t)set->first_valid_uid ||
(set->last_valid_uid != 0 && uid > (uid_t)set->last_valid_uid)) {
i_error("mail process isn't allowed to use UID %s "
@@ -40,8 +35,9 @@
if (gid < (gid_t)set->first_valid_gid ||
(set->last_valid_gid != 0 && gid > (gid_t)set->last_valid_gid)) {
- i_error("mail process isn't allowed to use "
- "GID %s (UID is %s)", dec2str(gid), dec2str(uid));
+ i_error("mail process isn't allowed to use primary group ID %s "
+ "with UID %s (see first_valid_gid in config file).",
+ dec2str(gid), dec2str(uid));
return FALSE;
}
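Review bot: The new message points the administrator only at first_valid_gid, but the same branch is taken when gid exceeds last_valid_gid; `"with UID %s (see first_valid_gid and last_valid_gid in config file)."` would cover both cases. With the hard-coded `uid != 0 && gid == 0` rejection removed earlier in this file, this range check is the only thing visible here that keeps a non-root mail user out of group 0, and it does so only when first_valid_gid is above 0. A comment above the check, e.g. `/* gid 0 is rejected only if first_valid_gid > 0 */`, would record that dependency. The enclosing function starts and ends outside the hunk.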
@@ -154,7 +150,8 @@
/* setup environment - set the most important environment first
(paranoia about filling up environment without noticing) */
restrict_access_set_env(data + reply->system_user_idx,
- reply->uid, reply->gid, chroot_dir);
+ reply->uid, reply->gid, chroot_dir,
+ set->first_valid_gid, set->last_valid_gid);
restrict_process_size(process_size, (unsigned int)-1);
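Review bot: Nothing at this call says that the two new arguments change which supplementary groups the mail process keeps; per the log message, groups outside the valid range are dropped, and that happens in code not shown in this diff. A comment such as `/* supplementary groups outside first_valid_gid..last_valid_gid are dropped */` would help whoever later debugs a missing group membership. The primary-gid check in this file casts these settings to gid_t before comparing, so it is worth confirming that the new parameters of restrict_access_set_env() take a matching type. It is also worth confirming that a dropped group is logged rather than removed silently. The enclosing function continues outside the hunk.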