On Thu, 2009-11-19 at 14:25 -0500, Frank Cusack wrote:
If /var/run/dovecot does not exist when dovecot starts up (e.g. required when /var/run is a tmpfs/ramfs), it creates it. But it creates it with the wrong file mode -- the directory is mode 777. Being world writable means any user could change the name of any file within the directory, including the login directory, and then create their own new login directory. Or remove the pid file, or perhaps cause other types of havoc.
Interesting. This bug had existed in probably all v1.2 versions, but I noticed and fixed it about an hour before seeing your email. Sometimes it seems like this happens a bit too often, an old bug gets noticed by multiple people very close to each others. :)
Anyway, here's the fix: http://hg.dovecot.org/dovecot-1.2/rev/3ebbccdc05e6
(v1.0 and v1.1 were actually also creating it with 0777, but they immediately chmoded it back to 0755. That's why when I removed the chmod code that was only for backwards compatibility it broke.)