[Dovecot] Index corruption
Gregory Bond
gnb at itga.com.au
Mon Oct 18 08:32:45 EEST 2004
Curtis Maloney wrote:
> I ran into this problem with the later test versions on Solaris 9.
> Joshua Goodall gave me a two line patch (which i don't have here, I'm
> afraid) to revert this check which came in around test43 (from memory).
>
> A check of the list archives finds his recommendation was to use
> src/lib/restrict-access.c revision 1.13 from CVS.
Ah good, it's not just me.
I've had a bit more of a play and I understand it a bit better. Looks
like restrict_access_by_env() is being called in 2 different contexts -
once to establish the "dovecot" user , once as root (presumably in the
auth daemon). The call as root fails because the program tries setgid()
to prove it can't, but as root this works.
The following patch (to test49 version of lib/restrict-access.c) works
for me, but I'm not going to pretend I understand dovecot's auth
framework well enough to know if this is harmless.
(Beware cut-n-paste whitespace munching).
--- src/lib/restrict-access.c.DIST 2004-09-24 23:04:31.000000000 +1000
+++ src/lib/restrict-access.c 2004-10-18 15:04:36.716002000 +1000
@@ -204,7 +204,7 @@
env = getenv("RESTRICT_GID_FIRST");
if (gid != 0 || (env != NULL && atoi(env) != 0)) {
- if (getgid() == 0 || getegid() == 0 || setgid(0) == 0) {
+ if (getgid() == 0 || getegid() == 0 || (uid != 0 &&
setgid(0) == 0)) {
if (gid == 0)
i_fatal("GID 0 isn't permitted");
i_fatal("We couldn't drop root group privileges "
More information about the dovecot
mailing list