[Dovecot] Dovecot on Linux 2.6.0-test1-ac1

Timo Sirainen tss at iki.fi
Wed Jul 16 10:35:52 EEST 2003


On Wed, 2003-07-16 at 08:56, Grahame Bowland wrote:
> I can imagine why setuid() should ever fail, I've confirmed that the
> daemon is running as UID zero at the time it makes the call. However,
> the call succeeds if I comment out:
>     restrict_process_size((unsigned int)-1, 1);
> on line 134 of src/login-common/main.c it starts to work again.

How about if it was done after setuid()? :) With a few tests it looks
like Linux 2.4 and OpenBSD are happy with that.

diff -u -r1.11 main.c
--- src/login-common/main.c     19 Jun 2003 02:00:25 -0000      1.11
+++ src/login-common/main.c     16 Jul 2003 06:34:39 -0000
@@ -130,9 +130,6 @@
 
 static void drop_privileges(const char *name)
 {
-       /* make sure we can't fork() */
-       restrict_process_size((unsigned int)-1, 1);
-
        /* Log file or syslog opening probably requires roots */
        open_logfile(name);
 
@@ -143,6 +140,9 @@
        /* Refuse to run as root - we should never need it and it's
           dangerous with SSL. */
        restrict_access_by_env(TRUE);
+
+       /* make sure we can't fork() */
+       restrict_process_size((unsigned int)-1, 1);
 }
 
 static void main_init(void)




More information about the dovecot mailing list