dovecot-2.0: lib-storage: Fixed mail_chroot to work when process...
dovecot at dovecot.org
dovecot at dovecot.org
Tue Jun 7 16:12:20 EEST 2011
details: http://hg.dovecot.org/dovecot-2.0/rev/ed05316ed441
changeset: 12845:ed05316ed441
user: Timo Sirainen <tss at iki.fi>
date: Tue Jun 07 16:12:13 2011 +0300
description:
lib-storage: Fixed mail_chroot to work when process was already chrooted there.
diffstat:
src/lib-storage/mail-storage-service.c | 21 ++++++++++++++-------
1 files changed, 14 insertions(+), 7 deletions(-)
diffs (61 lines):
diff -r c0734f08b3f3 -r ed05316ed441 src/lib-storage/mail-storage-service.c
--- a/src/lib-storage/mail-storage-service.c Tue Jun 07 15:18:19 2011 +0300
+++ b/src/lib-storage/mail-storage-service.c Tue Jun 07 16:12:13 2011 +0300
@@ -382,13 +382,12 @@
rset.first_valid_gid = set->first_valid_gid;
rset.last_valid_gid = set->last_valid_gid;
- /* we can't chroot if we want to switch between users. there's not
- much point either (from security point of view) */
- rset.chroot_dir = *chroot == '\0' || keep_setuid_root ? NULL : chroot;
+ rset.chroot_dir = *chroot == '\0' ? NULL : chroot;
rset.system_groups_user = user->system_groups_user;
cur_chroot = restrict_access_get_current_chroot();
if (cur_chroot != NULL) {
+ /* we're already chrooted. make sure the chroots are equal. */
if (rset.chroot_dir == NULL) {
*error_r = "Process is already chrooted, "
"can't un-chroot for this user";
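Review bot: Dropping `keep_setuid_root` from the `rset.chroot_dir` assignment leaves this function with no guard of its own against chrooting during a temporary privilege drop; it now relies on the caller having emptied `chroot` beforehand. In the later hunk the `/.` branch does nothing when `use_chroot` is false, so as far as the visible lines show, a `mail_chroot` of that form stays non-empty and, if it reaches this assignment, would be applied to a process that is not yet chrooted. Consider reading `cur_chroot` before the assignment and keeping the guard for exactly that case: `rset.chroot_dir = *chroot == '\0' || (keep_setuid_root && cur_chroot == NULL) ? NULL : chroot;`. The equality check that the new comment announces lies outside this hunk, so it cannot be confirmed from here.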
@@ -903,6 +902,7 @@
(user->flags & MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT) != 0;
bool temp_priv_drop =
(user->flags & MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP) != 0;
+ bool use_chroot;
/* variable strings are expanded in mail_user_init(),
but we need the home and chroot sooner so do them separately here. */
@@ -918,12 +918,19 @@
return -2;
}
+ /* we can't chroot if we want to switch between users. there's
+ not much point either (from security point of view). but if we're
+ already chrooted, we'll just have to continue and hope that the
+ current chroot is the same as the wanted chroot */
+ use_chroot = !temp_priv_drop ||
+ restrict_access_get_current_chroot() != NULL;
+
len = strlen(chroot);
if (len > 2 && strcmp(chroot + len - 2, "/.") == 0 &&
strncmp(home, chroot, len - 2) == 0) {
/* mail_chroot = /chroot/. means that the home dir already
contains the chroot dir. remove it from home. */
- if (!temp_priv_drop) {
+ if (use_chroot) {
home += len - 2;
if (*home == '\0')
home = "/";
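Review bot: The `strncmp(home, chroot, len - 2) == 0` test is a plain string-prefix match, and because `use_chroot` is now also true for an already-chrooted process, it decides in more cases how much of `home` is cut off. In a constructed example, chroot `/srv/mail/.` and home `/srv/mailbox/u` pass the test, and `home += len - 2` leaves `box/u`, a relative path that the following lines store as `mail_home`. Requiring a path-component boundary closes this: add `&& (home[len - 2] == '/' || home[len - 2] == '\0')` to the condition; the index is in range because the prefix already matched. The branch body continues past the end of this hunk.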
@@ -932,9 +939,9 @@
set_keyval(ctx, user, "mail_home", home);
set_keyval(ctx, user, "mail_chroot", chroot);
}
- } else if (len > 0 && temp_priv_drop) {
- /* we're dropping privileges only temporarily, so we can't
- chroot. fix home directory so we can access it. */
+ } else if (len > 0 && !use_chroot) {
+ /* we're not going to chroot. fix home directory so we can
+ access it. */
if (*home == '\0' || strcmp(home, "/") == 0)
home = chroot;
else