[Dovecot] RC7: BUG! and patch [Was: Re: rc7 bug? [Was: deliver LDA and INBOX location] (fwd)] (fwd)
David Lee
t.d.lee at durham.ac.uk
Mon Sep 25 12:43:39 EEST 2006
On Fri, 22 Sep 2006, Timo Sirainen wrote:
> On Fri, 2006-09-15 at 14:59 +0100, David Lee wrote:
> > Could someone confirm, please, that this bug report and its proposed fix
> > are being checked?
> >
> > 1. Is my analysis (message below) about right?
> > 2. Is my proposed patch (attached) about right?
> > 3. Is this being addressed for "rc8" (or whatever) and its successors?
>
> + /* get user's details (in particular, the real uid) */
> + upw = getpwnam(user);
> + if (upw == NULL) {
> + i_fatal("Couldn't lookup user's details (user=%s)", user);
> + }
> + uid = upw->pw_uid;
>
> This is wrong, because it doesn't work with virtual users. The uid is
> already looked up from userdb and either it's the same as the user who's
> runnning deliver, or if deliver is run as root the privileges are
> dropped. In either case you can get the uid with just geteuid() call.
>
> I think this should work (not tested though):
>
> http://dovecot.org/list/dovecot-cvs/2006-September/006408.html
Many thanks.
I (a dovecot newbie, so unaware of the "virtual user" subtleties) have
just tried your version in our environment: it seems to fix the bug we had
encountered.
--
: David Lee I.T. Service :
: Senior Systems Programmer Computer Centre :
: Durham University :
: http://www.dur.ac.uk/t.d.lee/ South Road :
: Durham DH1 3LE :
: Phone: +44 191 334 2752 U.K. :
More information about the dovecot
mailing list