Minor patches for builds against ancient platforms

M. Balridge dovecot at r.paypc.com
Wed Jun 14 01:00:39 EEST 2017


Timo Sirainen inscribed:
> Have you set mbox_very_dirty_syncs=yes? That should be helpful.

Oh, that sounded like a risky option.

I do have mbox_dirty_syncs enabled.

Are there still "safety checks" with the extra down-and-dirty sync option?

Joseph Tam-a-lyne wrote:
>     doveadm user $user
>
> which will supply the second half: it will spit out the UID, GID, home
> and mail directories of a user as specified by dovecot's
> configuration.

Yes, that outputs the UID/GID/location of user mail, which can feed a 
tool to audit and/or change directory permissions to conform to 
expectations.

> This is a consequence of writing secure software: it employs least
> privilege so that a fault will not result in someone being able to
> mess around with someone else's mail (or indices).  GID can also
> govern access to shared mailboxes.

Sure, sure, I understand the notion, as I aspire towards "least 
privilege necessary" designs in my own software. In this case, it seemed 
that the software was throwing an error when it failed to do something 
most unprivileged processes cannot do: change the group ownership of an 
object to a group of which you're not a member.

I would certainly want log entries, sure... but an outright failure when 
ownership/u+ permissions are otherwise supportive of the operation in 
question?

I appreciate the fact my questions (and Piltdown Box) are probably 
noising up your list, and yet you're still both giving me the time of day.

My thanks, once again,
=M=
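
Added example, not part of the original message and not Dovecot code: a sketch of the audit tool mentioned above, which parses `doveadm user` output and compares each directory's owner, group and owner permission bits with the reported UID/GID. The field/value line layout, the `driver:path[:options]` mail location form, the sample text and all function names are assumptions made for illustration.

```python
import os

# Constructed sample of `doveadm user <name>` output. The layout (a header row,
# then one whitespace-separated field/value pair per line) is an assumption.
SAMPLE = ("field\tvalue\nuid\t{uid}\ngid\t{gid}\nhome\t{home}\n"
          "mail\tmbox:~/mail:INBOX=~/mail/inbox\n")

def parse_doveadm_user(text):
    """Return {field: value}; values may contain spaces, the header is skipped."""
    fields = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] != "field":
            fields[parts[0]] = parts[1].strip()
    return fields

def mail_root(fields):
    """Root path of a 'driver:path[:options]' mail location, with ~ expanded."""
    path = fields["mail"].split(":")[1]
    if path.startswith("~"):
        path = fields["home"] + path[1:]
    return path

def audit(fields):
    """Return (path, problem) pairs for directories that deviate from uid/gid."""
    want_uid, want_gid = int(fields["uid"]), int(fields["gid"])
    findings = []
    for path in (fields["home"], mail_root(fields)):
        try:
            st = os.stat(path)
        except OSError as exc:
            findings.append((path, "cannot stat: " + exc.strerror))
            continue
        if st.st_uid != want_uid:
            findings.append((path, "owner %d, expected %d" % (st.st_uid, want_uid)))
        if st.st_gid != want_gid:
            findings.append((path, "group %d, expected %d" % (st.st_gid, want_gid)))
        if st.st_mode & 0o700 != 0o700:
            findings.append((path, "owner lacks rwx (mode %o)" % (st.st_mode & 0o7777)))
    return findings

if __name__ == "__main__":
    # Demo against the current user's home; replace SAMPLE with real output.
    demo = SAMPLE.format(uid=os.getuid(), gid=os.getgid(),
                         home=os.path.expanduser("~"))
    for path, problem in audit(parse_doveadm_user(demo)):
        print(path + ": " + problem)
```

The audit only reports; any `chown`/`chgrp` correction has to be run by a user permitted to make that change.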

