dovecot-1.2: More group permission handling fixes.
dovecot at dovecot.org
dovecot at dovecot.org
Mon Jun 1 05:16:09 EEST 2009
details: http://hg.dovecot.org/dovecot-1.2/rev/e7c0b3068d58
changeset: 9108:e7c0b3068d58
user: Timo Sirainen <tss at iki.fi>
date: Sun May 31 22:15:55 2009 -0400
description:
More group permission handling fixes.
diffstat:
2 files changed, 15 insertions(+), 20 deletions(-)
src/lib-index/mail-index.c | 31 +++++++++++++------------------
src/lib-storage/mailbox-list.c | 4 ++--
diffs (56 lines):
diff -r 0f2f9e207644 -r e7c0b3068d58 src/lib-index/mail-index.c
--- a/src/lib-index/mail-index.c Sun May 31 22:03:25 2009 -0400
+++ b/src/lib-index/mail-index.c Sun May 31 22:15:55 2009 -0400
@@ -638,25 +638,20 @@ void mail_index_fchown(struct mail_index
} else if (fchown(fd, (uid_t)-1, index->gid) == 0) {
/* success */
return;
- } if ((index->mode & 0066) == 0) {
- /* group doesn't really matter, ignore silently. */
+ } if ((index->mode & 0060) >> 3 == (index->mode & 0006)) {
+ /* group and world permissions are the same, so group doesn't
+ really matter. ignore silently. */
return;
- } if ((index->mode & 0060) == 0) {
- /* file access was granted to everyone, except this group.
- to make sure we don't expose it to the group, drop the world
- permissions too. */
- mail_index_file_set_syscall_error(index, path, "fchown()");
- mode = index->mode & 0600;
- } else {
- mail_index_file_set_syscall_error(index, path, "fchown()");
- /* continue, but change group permissions to same as
- world-permissions were. */
- mode = (index->mode & 0606) | ((index->mode & 06) << 3);
- }
- if (fchmod(fd, mode) < 0) {
- mail_index_file_set_syscall_error(index, path,
- "fchmod()");
- }
+ }
+ mail_index_file_set_syscall_error(index, path, "fchown()");
+
+ /* continue, but change permissions so that only the common
+ subset of group and world is used. this makes sure no one
+ gets any extra permissions. */
+ mode = ((index->mode & 0060) >> 3) & (index->mode & 0006);
+ mode |= (mode << 3) | (index->mode & 0600);
+ if (fchmod(fd, mode) < 0)
+ mail_index_file_set_syscall_error(index, path, "fchmod()");
}
int mail_index_set_syscall_error(struct mail_index *index,
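Review bot: If the final `fchmod()` fails, the file keeps the full `index->mode` while still belonging to the group it was created with, and because `mail_index_fchown()` is `void` the caller cannot react; the only trace is whatever `mail_index_file_set_syscall_error()` records. That is the state the intersection on the two `mode` lines is meant to prevent, so it deserves a comment above the `fchmod()` call, e.g. `/* if this fails too, the file stays at index->mode under a group we could not set; all we can do is report it */`. Separately, the new comparison here and the `st.st_mode` one in the mailbox-list.c hunk both rely on `>>` binding tighter than `==`; writing `((index->mode & 0060) >> 3) == (index->mode & 0006)` would match the parenthesised form already used on the `mode =` line and removes any doubt in permission-critical code. The start of the function is outside the hunk.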
diff -r 0f2f9e207644 -r e7c0b3068d58 src/lib-storage/mailbox-list.c
--- a/src/lib-storage/mailbox-list.c Sun May 31 22:03:25 2009 -0400
+++ b/src/lib-storage/mailbox-list.c Sun May 31 22:15:55 2009 -0400
@@ -318,8 +318,8 @@ mailbox_list_get_permissions_full(struct
/* directory's GID is used automatically for new
files */
*gid_r = (gid_t)-1;
- } else if ((st.st_mode & 0070) == 0) {
- /* group doesn't have any permissions, so don't bother
+ } else if ((st.st_mode & 0070) >> 3 == (st.st_mode & 0007)) {
+ /* group has same permissions as world, so don't bother
changing it */
*gid_r = (gid_t)-1;
} else if (getegid() == st.st_gid) {