As a reminder, if you didn't follow the thread: this only avoids the inheritance assumption. If you have shared folders, they should be g+s to delegate (group) ownership. Also, this is for 2.x.

-david

On 11/10/2010 01:48 PM, David Ford wrote:
Use this patch; it fixes dovecot's ownership inheritance assumptions.
Colt ~ # cat /usr/local/portage/net-mail/dovecot/files/dovecot-2.0.5-bad-permissions-inheritance.patch
--- src/lib-storage/mailbox-list.c.orig 2010-09-14 11:03:18.000000000 -0400 +++ src/lib-storage/mailbox-list.c 2010-10-14 15:20:15.000000000 -0400 @@ -25,6 +25,9 @@ #include
#include #include +#include +#include +#include /* 20 * (200+1) < 4096 which is the standard PATH_MAX. Having these settings prevents malicious user from creating eg. "a/a/a/.../a" mailbox name and @@ -450,7 +453,7 @@ }
if (S_ISDIR(st.st_mode) && (st.st_mode & S_ISGID) != 0) { - /* directory's GID is used automatically for new + /* directory is sgid, so GID is used automatically for new files */ *gid_r = (gid_t)-1; } else if ((st.st_mode & 0070) >> 3 == (st.st_mode & 0007)) { @@ -460,8 +463,39 @@ } else if (getegid() == st.st_gid) { /* using our own gid, no need to change it */ *gid_r = (gid_t)-1; - } else { - *gid_r = st.st_gid; + } + + else { + /* test for unusable inheritance. logic sets fgid_me to st.gid + for unlikely case of lookup failure and we just fall through */ + int j, ngroups = 999; + gid_t *groups; + gid_t fgid_me = st.st_gid; + + groups = malloc(ngroups * sizeof (gid_t)); + if (groups != NULL) { + uid_t egid = getegid(); + struct passwd *pw = getpwuid(geteuid()); + if (pw != NULL) { + /* get pw entry for test using my current effective uid */ + if (getgrouplist(pw->pw_name, egid, groups, &ngroups) != -1) { + /* get list of group IDs my euid belongs to, ngroups + will be set to the number of groups I belong to */ + fgid_me = egid; + for (j = 0; j < ngroups; j++) { + /* enumerate list, test to see if i belong + to gid of parent directory */ + if (st.st_gid == groups[j]) { + /* if so, switch to parent gid */ + fgid_me = st.st_gid; + } + } + } + } + free(groups); + } + + *gid_r = fgid_me; } }
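Review bot: in the new else branch, getgrouplist() answers "which groups does the user named pw->pw_name have in the group database", but the fchown() this value feeds is checked by the kernel against the process's current supplementary group set; the two diverge whenever the process was started with a group list that does not match the current database, and the lookup adds a passwd and a group-database query on every permission check. getgroups(2) returns the set the kernel will actually consult, needs no getpwuid(), no name lookup and no guessed buffer size (call it with 0/NULL first to size the array), so the block reduces to one loop. Two smaller issues in the same branch: `uid_t egid = getegid();` stores a gid_t in a uid_t and should be `gid_t egid`; and when no matching group is found the code sets `*gid_r = egid`, which makes the caller issue an fchown() to a group the file already has, while the branch directly above uses `(gid_t)-1` for "nothing to change", so returning `(gid_t)-1` here would skip the syscall and match the existing convention. Also note that with the fixed `ngroups = 999` buffer, a user in more groups than that makes getgrouplist() return -1 (it writes the required count back into ngroups), the comment's "fall through" case then hands back st.st_gid, and the very EPERM the patch is meant to avoid comes back; retrying with the returned size, or switching to getgroups(), closes that hole. Style: add a `break` once the gid is found, and keep `} else {` on one line as in the surrounding chain rather than splitting `}` / blank / `else {`.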
On 11/10/2010 01:34 PM, Knute Johnson wrote:
Hi:
I get the occasional error below. Is there something I don't have configured correctly? Or should I just ignore this? It is not always this file; sometimes it is the cache.lock file or the log.newlock file. I have a mail client running on my computer and my phone at the same time; could that have something to do with it?
Nov 10 08:32:59 rabbitbrush dovecot: IMAP(bob): fchown(/home/bob/mail/.imap/INBOX/dovecot.index.tmp, -1, 8(mail)) failed: Operation not permitted (egid=1000(bob), group based on /var/mail/bob)
From dovecot -n
# 1.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-25-generic i686 Ubuntu 10.04.1 LTS
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imaps
ssl_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
ssl_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_privileged_group: mail
mail_location: mbox:~/mail:INBOX=/var/mail/%u
mbox_write_locks: fcntl dotlock
auth default:
  passdb:
    driver: pam
  userdb:
    driver: passwd
Thanks very much,