dovecot-2.0: lib-storage: Fixed mail_chroot to work when process...

dovecot at dovecot.org dovecot at dovecot.org
Tue Jun 7 16:12:20 EEST 2011


details:   http://hg.dovecot.org/dovecot-2.0/rev/ed05316ed441
changeset: 12845:ed05316ed441
user:      Timo Sirainen <tss at iki.fi>
date:      Tue Jun 07 16:12:13 2011 +0300
description:
lib-storage: Fixed mail_chroot to work when process was already chrooted there.

diffstat:

 src/lib-storage/mail-storage-service.c |  21 ++++++++++++++-------
 1 files changed, 14 insertions(+), 7 deletions(-)

diffs (61 lines):

diff -r c0734f08b3f3 -r ed05316ed441 src/lib-storage/mail-storage-service.c
--- a/src/lib-storage/mail-storage-service.c	Tue Jun 07 15:18:19 2011 +0300
+++ b/src/lib-storage/mail-storage-service.c	Tue Jun 07 16:12:13 2011 +0300
@@ -382,13 +382,12 @@
 
 	rset.first_valid_gid = set->first_valid_gid;
 	rset.last_valid_gid = set->last_valid_gid;
-	/* we can't chroot if we want to switch between users. there's not
-	   much point either (from security point of view) */
-	rset.chroot_dir = *chroot == '\0' || keep_setuid_root ? NULL : chroot;
+	rset.chroot_dir = *chroot == '\0' ? NULL : chroot;
 	rset.system_groups_user = user->system_groups_user;
 
 	cur_chroot = restrict_access_get_current_chroot();
 	if (cur_chroot != NULL) {
+		/* we're already chrooted. make sure the chroots are equal. */
 		if (rset.chroot_dir == NULL) {
 			*error_r = "Process is already chrooted, "
 				"can't un-chroot for this user";
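Review bot: With `keep_setuid_root` dropped from the `rset.chroot_dir` expression on the `+` line, this function now chroots whenever `chroot` is non-empty, so correctness depends on the caller having emptied `chroot` in every case where a chroot is not wanted; that contract is invisible here and deserves a comment at that line, e.g. `/* caller clears chroot when we must not chroot (temporary privilege drop without an existing chroot) */`. If `keep_setuid_root` is still a parameter of this function after the change, a `(void)keep_setuid_root;` or a note on why it no longer affects the chroot decision would stop the next reader from re-adding the old guard. The comparison promised by the new "make sure the chroots are equal" comment, and the start of the enclosing function, lie outside the hunk.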
@@ -903,6 +902,7 @@
 		(user->flags & MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT) != 0;
 	bool temp_priv_drop =
 		(user->flags & MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP) != 0;
+	bool use_chroot;
 
 	/* variable strings are expanded in mail_user_init(),
 	   but we need the home and chroot sooner so do them separately here. */
@@ -918,12 +918,19 @@
 		return -2;
 	}
 
+	/* we can't chroot if we want to switch between users. there's
+	   not much point either (from security point of view). but if we're
+	   already chrooted, we'll just have to continue and hope that the
+	   current chroot is the same as the wanted chroot */
+	use_chroot = !temp_priv_drop ||
+		restrict_access_get_current_chroot() != NULL;
+
 	len = strlen(chroot);
 	if (len > 2 && strcmp(chroot + len - 2, "/.") == 0 &&
 	    strncmp(home, chroot, len - 2) == 0) {
 		/* mail_chroot = /chroot/. means that the home dir already
 		   contains the chroot dir. remove it from home. */
-		if (!temp_priv_drop) {
+		if (use_chroot) {
 			home += len - 2;
 			if (*home == '\0')
 				home = "/";
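Review bot: The `if (use_chroot)` branch now strips the chroot prefix from `home` in one more situation (temporary privilege drop while already chrooted), but the prefix test two lines above it is a plain byte-prefix `strncmp`, not a path-component match: with `mail_chroot = /srv/user/.` and `mail_home = /srv/user2` the branch would leave `home` as the relative path `2`. A boundary check on the condition, `strncmp(home, chroot, len - 2) == 0 && (home[len - 2] == '\0' || home[len - 2] == '/')`, closes that; the logic predates this commit but the new condition widens when it runs. The new comment says we "hope" the current chroot equals the wanted one; if the equality is in fact enforced when the restrict settings are applied, naming that check here would read better than "hope". The enclosing function begins and ends outside the hunk.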
@@ -932,9 +939,9 @@
 			set_keyval(ctx, user, "mail_home", home);
 			set_keyval(ctx, user, "mail_chroot", chroot);
 		}
-	} else if (len > 0 && temp_priv_drop) {
-		/* we're dropping privileges only temporarily, so we can't
-		   chroot. fix home directory so we can access it. */
+	} else if (len > 0 && !use_chroot) {
+		/* we're not going to chroot. fix home directory so we can
+		   access it. */
 		if (*home == '\0' || strcmp(home, "/") == 0)
 			home = chroot;
 		else

