dovecot-2.2: auth: Require auth-token-secret.dat owner to be aut...
dovecot at dovecot.org
Tue Nov 6 23:23:31 EET 2012
details: http://hg.dovecot.org/dovecot-2.2/rev/2d0d0318b341
changeset: 15387:2d0d0318b341
user: Timo Sirainen <tss at iki.fi>
date: Tue Nov 06 23:23:19 2012 +0200
description:
auth: Require auth-token-secret.dat owner to be auth process's uid, not necessarily root.
diffstat:
src/auth/auth-token.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diffs (13 lines):
diff -r 5089affc8ae5 -r 2d0d0318b341 src/auth/auth-token.c
--- a/src/auth/auth-token.c Tue Nov 06 22:15:51 2012 +0200
+++ b/src/auth/auth-token.c Tue Nov 06 23:23:19 2012 +0200
@@ -70,7 +70,8 @@
}
/* check security parameters for compromise */
- if ((st.st_mode & 07777) != 0600 || st.st_uid != 0 || st.st_nlink > 1 ||
+ if ((st.st_mode & 07777) != 0600 ||
+ st.st_uid != geteuid() || st.st_nlink > 1 ||
!S_ISREG(lst.st_mode) || st.st_ino != lst.st_ino ||
!CMP_DEV_T(st.st_dev, lst.st_dev)) {
i_error("Compromised token secret file: %s", path);
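Review bot: The new ownership test `st.st_uid != geteuid()` rejects a root-owned secret file that passed the old `st.st_uid != 0` test whenever the auth process runs with a non-root effective uid, and the unchanged `i_error("Compromised token secret file: %s", path)` does not say which of the six conditions failed. Consider logging the observed `st.st_uid` and mode next to the expected `geteuid()` and 0600, so an administrator can tell an ownership mismatch left over from the earlier check apart from a link-count, inode or device mismatch that points to tampering.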