[Dovecot] RC7: BUG! and patch [Was: Re: rc7 bug? [Was: deliver LDA and INBOX location] (fwd)] (fwd)

Timo Sirainen tss at iki.fi
Fri Sep 22 17:30:01 EEST 2006


On Fri, 2006-09-15 at 14:59 +0100, David Lee wrote:
> Could someone confirm, please, that this bug report and its proposed fix
> are being checked?
> 
> 1. Is my analysis (message below) about right?
> 2. Is my proposed patch (attached) about right?
> 3. Is this being addressed for "rc8" (or whatever) and its successors?

+       /* get user's details (in particular, the real uid) */
+       upw = getpwnam(user);
+       if (upw == NULL) {
+               i_fatal("Couldn't lookup user's details (user=%s)", user);
+       }
+       uid = upw->pw_uid;
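
Review bot: at the getpwnam(user) call, a NULL return is handled as a single case, but getpwnam() returns NULL both when no passwd entry exists for the name and when the lookup itself fails. Set errno to 0 before the call and include it in the i_fatal() message so that a missing account can be told apart from a failed lookup. Separately, uid = upw->pw_uid takes the identity from the system passwd entry for the name rather than from the credentials the process actually holds, so nothing in these lines guarantees the two agree; any ownership or permission decision made with this uid should be checked against the process's effective uid.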

This is wrong, because it doesn't work with virtual users. The uid is
already looked up from userdb and either it's the same as the user who's
running deliver, or if deliver is run as root the privileges are
dropped. In either case you can get the uid with just a geteuid() call.

I think this should work (not tested though):

http://dovecot.org/list/dovecot-cvs/2006-September/006408.html