dovecot-2.2-pigeonhole: lib-sieve: program-client: Made sure tha...

pigeonhole at rename-it.nl pigeonhole at rename-it.nl
Thu May 8 19:23:45 UTC 2014


details:   http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/2a8af66dc66a
changeset: 1855:2a8af66dc66a
user:      Stephan Bosch <stephan at rename-it.nl>
date:      Thu May 08 21:23:24 2014 +0200
description:
lib-sieve: program-client: Made sure that programs are never forked with root privileges.

diffstat:

 src/lib-sieve/util/program-client-local.c                |  37 ++++++++++++++++
 src/lib-sieve/util/program-client.h                      |   3 +
 src/plugins/sieve-extprograms/sieve-extprograms-common.c |   2 +
 3 files changed, 42 insertions(+), 0 deletions(-)

diffs (72 lines):

diff -r dc038c03b376 -r 2a8af66dc66a src/lib-sieve/util/program-client-local.c
--- a/src/lib-sieve/util/program-client-local.c	Wed May 07 21:17:43 2014 +0200
+++ b/src/lib-sieve/util/program-client-local.c	Thu May 08 21:23:24 2014 +0200
@@ -177,6 +177,43 @@
 				i_error("close(extra_fd[0]) failed: %m");
 		}
 
+		/* drop privileges if we have any */
+		if ( getuid() == 0 ) {
+			uid_t uid;
+			gid_t gid;
+
+			/* switch back to root */
+			if (seteuid(0) < 0)
+				i_fatal("seteuid(0) failed: %m");
+
+			/* drop gid first */
+			gid = getgid();
+			if ( gid == 0 || gid != pclient->set.gid ) {
+				if ( pclient->set.gid != 0 ) {
+					if ( setgid(pclient->set.gid) < 0 )
+						i_fatal("setgid(%d) failed: %m", pclient->set.gid);
+				} else {
+					gid = getegid();
+					if (gid != 0 && setgid(gid) < 0) {
+						i_fatal("setgid(%d) failed: %m", gid);
+					}
+				}
+			}
+		
+			/* drop uid */
+			if ( pclient->set.uid != 0 ) {
+				if ( setuid(pclient->set.uid) )
+					i_fatal("setuid(%d) failed: %m", pclient->set.uid);
+			} else {
+				uid = geteuid();
+				if ( uid != 0 && setuid(uid) < 0 )
+					i_fatal("setuid(%d) failed: %m", uid);
+			}
+		}
+
+		i_assert(getuid() != 0);
+		i_assert(getgid() != 0);
+
 		if ( array_is_created(&pclient->envs) )
 			envs = array_get(&pclient->envs, &count);
 
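Review bot: The privilege drop added here changes the gid and uid but never resets the supplementary group list, so a child forked from a root process keeps root's groups unless an earlier step, not visible in this hunk, already cleared them. A `setgroups()` call with the target gid before `setgid()` would close that gap. The uid fallback also looks dead: `uid = geteuid()` runs after `seteuid(0)` has succeeded, so it is always 0 and `setuid(uid)` is never reached. The effective uid would have to be captured before switching back to root. The closing asserts test only the real ids, while the gid branch is skipped when the real gid already matches `pclient->set.gid`, so adding `i_assert(geteuid() != 0);` and `i_assert(getegid() != 0);` would catch an effective id that survived. The enclosing function starts and ends outside the hunk.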
diff -r dc038c03b376 -r 2a8af66dc66a src/lib-sieve/util/program-client.h
--- a/src/lib-sieve/util/program-client.h	Wed May 07 21:17:43 2014 +0200
+++ b/src/lib-sieve/util/program-client.h	Thu May 08 21:23:24 2014 +0200
@@ -10,6 +10,9 @@
 	unsigned int client_connect_timeout_msecs;
 	unsigned int input_idle_timeout_secs;
 
+	uid_t uid;
+	gid_t gid;
+
 	unsigned int debug:1;
 	unsigned int drop_stderr:1;
 };
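Review bot: The new `uid` and `gid` fields carry no comment, yet 0 has a special meaning that a caller cannot guess from the header. The fork path in program-client-local.c treats 0 as "not set" and falls back to the process's effective id. I would add `/* identity to switch to before exec when running as root; 0 = not set */` above the two fields. The struct definition starts outside the hunk.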
diff -r dc038c03b376 -r 2a8af66dc66a src/plugins/sieve-extprograms/sieve-extprograms-common.c
--- a/src/plugins/sieve-extprograms/sieve-extprograms-common.c	Wed May 07 21:17:43 2014 +0200
+++ b/src/plugins/sieve-extprograms/sieve-extprograms-common.c	Thu May 08 21:23:24 2014 +0200
@@ -520,6 +520,8 @@
 	sprog->set.client_connect_timeout_msecs =
 		SIEVE_EXTPROGRAMS_CONNECT_TIMEOUT_MSECS;
 	sprog->set.input_idle_timeout_secs = ext_config->execute_timeout;
+	sprog->set.uid = senv->user->uid;
+	sprog->set.gid = senv->user->gid;
 	sprog->set.debug = svinst->debug;
 
 	if ( fork ) {
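Review bot: `senv->user` is dereferenced unconditionally in the two added assignments, and the hunk does not show whether it can be NULL at this point. If it can, guard the copy with `if (senv->user != NULL)` and leave `set.uid`/`set.gid` at 0. A user uid or gid of 0 is also passed through unchanged and will read as "not set" in the child, so a short comment here saying that is intended would help. The enclosing function starts and ends outside the hunk.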

