dovecot-2.2: lib-storage: With temporary privilege dropping, swi...
dovecot at dovecot.org
dovecot at dovecot.org
Tue Jul 30 13:26:51 EEST 2013
details: http://hg.dovecot.org/dovecot-2.2/rev/2470bb9106b0
changeset: 16624:2470bb9106b0
user: Timo Sirainen <tss at iki.fi>
date: Tue Jul 30 13:26:07 2013 +0300
description:
lib-storage: With temporary privilege dropping, switch to root before doing config lookup.
This fixes the problem of not having enough permissions to connect to the
config socket.
diffstat:
src/lib-storage/mail-storage-service.c | 11 ++++++++++-
1 files changed, 10 insertions(+), 1 deletions(-)
diffs (28 lines):
diff -r 0cab916b28c6 -r 2470bb9106b0 src/lib-storage/mail-storage-service.c
--- a/src/lib-storage/mail-storage-service.c Tue Jul 30 13:09:52 2013 +0300
+++ b/src/lib-storage/mail-storage-service.c Tue Jul 30 13:26:07 2013 +0300
@@ -967,6 +967,16 @@
int ret = 1;
user_pool = pool_alloconly_create("mail storage service user", 1024*6);
+ flags = mail_storage_service_input_get_flags(ctx, input);
+
+ if ((flags & MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP) != 0 &&
+ geteuid() != 0) {
+ /* we dropped privileges only temporarily. switch back to root
+ before reading settings, so we'll definitely have enough
+ permissions to connect to the config socket. */
+ if (seteuid(0) < 0)
+ i_fatal("seteuid(0) failed: %m");
+ }
if (mail_storage_service_read_settings(ctx, input, user_pool,
&user_info, &set_parser,
@@ -977,7 +987,6 @@
return -1;
}
- flags = mail_storage_service_input_get_flags(ctx, input);
if ((flags & MAIL_STORAGE_SERVICE_FLAG_NO_LOG_INIT) == 0 &&
!ctx->log_initialized) {
/* initialize logging again, in case we only read the
More information about the dovecot-cvs
mailing list