Hi,

I started experimenting with ACLs and found I could reliably and reproducibly crash the IMAP process when trying to create a subfolder of a folder that has has ACLs set. The folder is called "Sent" with an ACL of "owner lrwstipke". I wanted to be able to have certain folders the the user cannot delete but where subfolders can be created freely.

Relevant information follows and I hope the backtrace is useful (lots of "value optimized out" entries). You can also find everything from below on https://daff.pseudoterminal.org/misc/dovecot/.

Please tell me if I can provide more information.

dovecot -n:

# 1.2.4: /usr/local/etc/dovecot.conf # OS: Linux 2.6.26-2-686 i686 Debian 5.0.2 log_timestamp: %Y-%m-%d %H:%M:%S protocols: managesieve imap imaps pop3 pop3s login_dir: /usr/local/var/run/dovecot/login login_executable(default): /usr/local/libexec/dovecot/imap-login login_executable(imap): /usr/local/libexec/dovecot/imap-login login_executable(pop3): /usr/local/libexec/dovecot/pop3-login login_executable(managesieve): /usr/local/libexec/dovecot/managesieve-login mail_access_groups: mail mail_privileged_group: mail mail_location: maildir:~/Maildir mail_drop_priv_before_exec: yes mail_executable(default): /usr/local/libexec/dovecot/imap mail_executable(imap): /usr/local/libexec/dovecot/imap mail_executable(pop3): /usr/local/libexec/dovecot/pop3 mail_executable(managesieve): /usr/local/libexec/dovecot/managesieve mail_plugins(default): autocreate acl mail_plugins(imap): autocreate acl mail_plugins(pop3): mail_plugins(managesieve): mail_plugin_dir(default): /usr/local/lib/dovecot/imap mail_plugin_dir(imap): /usr/local/lib/dovecot/imap mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3 mail_plugin_dir(managesieve): /usr/local/lib/dovecot/managesieve namespace: type: public separator: . prefix: Public. location: maildir:/var/mail/public:CONTROL=~/Maildir/control/public:INDEX=~/Maildir/index/public list: yes namespace: type: private separator: . prefix: Backup. location: maildir:~/Maildir-backup hidden: yes list: no namespace: type: private separator: . inbox: yes list: yes subscriptions: yes lda: log_path: info_log_path: auth_socket_path: /var/run/dovecot/auth-master postmaster_address: postmaster@mailtest0.rise-s.com mail_plugins: sieve acl auth default: mechanisms: plain login passdb: driver: pam passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: passwd userdb: driver: static args: uid=vmail gid=vmail home=/var/vmail/%Ld/%Ln allow_all_users=yes socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail plugin: sieve: ~/.dovecot.sieve sieve_dir: ~/sieve sieve_global_path: /etc/dovecot/sieve/default.sieve sieve_global_dir: /etc/dovecot/sieve/global/ sieve_before: /etc/dovecot/sieve/before/ autocreate: Trash autocreate2: Drafts autocreate3: Sent autocreate4: INBOX.Spam autosubscribe: Trash autosubscribe2: Drafts autosubscribe3: Sent autosubscribe4: INBOX.Spam acl: vfile:/etc/dovecot/acl

Log entry:

Aug 28 01:08:01 mailtest0 dovecot: IMAP(andreas.ntaflos@example1.rise-s.com): Panic: file acl-backend-vfile.c: line 1124 (acl_backend_vfile_object_update): assertion failed: (!update->rights.global) Aug 28 01:08:01 mailtest0 dovecot: IMAP(andreas.ntaflos@example1.rise-s.com): Raw backtrace: imap [0x80f1ec1] -> imap [0x80f1f42] -> imap [0x80f18c9] -> /usr/local/lib/dovecot/imap/lib01_acl_plugin.so [0xb7dddcf6] -> /usr/local/lib/dovecot/imap/lib01_acl_plugin.so(acl_object_update+0x18) [0xb7ddb1a8] -> /usr/local/lib/dovecot/imap/lib01_acl_plugin.so [0xb7de2ac7] -

imap(cmd_create+0xf9) [0x80618d9] -> imap [0x80679fc] -> imap [0x8067a99] -> imap(client_handle_input+0x2d) [0x8067c0d] -> imap(client_input+0x5f) [0x806856f] -> imap(io_loop_handler_run+0xe0) [0x80fac40] -> imap(io_loop_run+0x20) [0x80fa0b0] -> imap(main+0x5ea) [0x807104a] -> /lib/i686/cmov/libc.so.6(__libc_start_main+0xe5) [0xb7e15455] -> imap [0x8060291] Aug 28 01:08:01 mailtest0 dovecot: dovecot: child 1588 (imap) killed with signal 6 (core dumped)

Backtrace:

#0 0xb7f70424 in __kernel_vsyscall () No symbol table info available. #1 0xb7e2a640 in raise () from /lib/i686/cmov/libc.so.6 No symbol table info available. #2 0xb7e2c018 in abort () from /lib/i686/cmov/libc.so.6 No symbol table info available. #3 0x080f1ed5 in default_fatal_finish (type=<value optimized out>, status=0) at failures.c:160 backtrace = 0x93e5628 "imap [0x80f1ec1] -> imap [0x80f1f42] -> imap [0x80f18c9] -> /usr/local/lib/dovecot/imap/lib01_acl_plugin.so [0xb7dddcf6] -> /usr/local/lib/dovecot/imap/lib01_acl_plugin.so(acl_object_update+0x18) [0xb"... #4 0x080f1f42 in i_internal_fatal_handler (type=LOG_TYPE_PANIC, status=0, fmt=0xb7de3094 "file %s: line %d (%s): assertion failed: (%s)", args=0xbff8b9c4 "�3޷d\004") at failures.c:440 No locals. #5 0x080f18c9 in i_panic (format=0xb7de3094 "file %s: line %d (%s): assertion failed: (%s)") at failures.c:207 No locals. #6 0xb7dddcf6 in acl_backend_vfile_object_update (_aclobj=0x942c270, update=0xbff8bad0) at acl-backend-vfile.c:1124 dotlock = <value optimized out> path = <value optimized out> i = <value optimized out> fd = <value optimized out> changed = <value optimized out> __PRETTY_FUNCTION__ = "acl_backend_vfile_object_update" #7 0xb7ddb1a8 in acl_object_update (aclobj=0x942c270, update=0xbff8bad0) at acl-api.c:122 No locals. #8 0xb7de2ac7 in acl_mailbox_create (storage=0x93f2c88, name=0x93f9d98 "Sent.2008", directory=false) at acl-storage.c:160 astorage = <value optimized out> ret = <value optimized out> #9 0x080618d9 in cmd_create (cmd=0x93f4ce0) at cmd-create.c:42 ns = <value optimized out> mailbox = 0x93f9d98 "Sent.2008" full_mailbox = 0x93f9d98 "Sent.2008" directory = <value optimized out> #10 0x080679fc in client_command_input (cmd=0x93f4ce0) at client.c:611 client = (struct client *) 0x93f48a0 command = <value optimized out> __PRETTY_FUNCTION__ = "client_command_input" #11 0x08067a99 in client_command_input (cmd=0x93f4ce0) at client.c:660 client = (struct client *) 0x93f48a0 command = <value optimized out> __PRETTY_FUNCTION__ = "client_command_input" #12 0x08067c0d in client_handle_input (client=0x93f48a0) at client.c:701 _data_stack_cur_id = 3 ret = false remove_io = <value optimized out> handled_commands = false __PRETTY_FUNCTION__ = "client_handle_input" #13 0x0806856f in client_input (client=0x93f48a0) at client.c:752 cmd = <value optimized out> output = (struct ostream *) 0x93f4a54 bytes = <value optimized out> __PRETTY_FUNCTION__ = "client_input" #14 0x080fac40 in io_loop_handler_run (ioloop=0x93ed9b0) at ioloop-epoll.c:208 ctx = (struct ioloop_handler_context *) 0x93edab8 event = (const struct epoll_event *) 0x93edaf8 list = (struct io_list *) 0x93f4ab0 io = (struct io_file *) 0x942c888 tv = {tv_sec = 1799, tv_usec = 999357} t_id = 2 msecs = <value optimized out> ret = 1 i = 0 j = 0 call = <value optimized out> #15 0x080fa0b0 in io_loop_run (ioloop=0x93ed9b0) at ioloop.c:335 No locals. #16 0x0807104a in main (argc=Cannot access memory at address 0x634 ) at main.c:327 No locals.