29 Dec 2009, 10:04 a.m.
Hi all.
I've had a hard time trying to find out why deliver isn't working after I updated dovecot from v1.11 to v1.2.8. It just gave me EX_TEMPFAIL without any info in the logs. My deliver was setuid-root.
Once I made a simple shell wrapper script for the deliver executable which saves deliver's stdout+stderr, I found the reason:
/usr/local/libexec/dovecot/deliver must not be both world-executable and setuid-root. This allows root exploits. See http://wiki.dovecot.org/LDA#multipleuids
Did a 'chmod o-x deliver' and fixed groups/owners and now everything works as it should.
I think this error message should go to log files, not just to stdout/stderr. And it's worth describing this behaviour in the Wiki.
Cheers, Denis
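
The two steps described in the post above, as an added example that is not part of the original message or of Dovecot: a wrapper that captures a command's stdout+stderr while preserving its exit status, and a check for the setuid plus world-executable combination that deliver rejects. The function names and the log path are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example; function names and log locations are hypothetical.

# Return 0 (true) when FILE is a regular file that is both setuid and
# executable by "others", the combination deliver refuses to run with.
is_setuid_world_exec() {
    # -perm -4001 matches only when the setuid bit (4000) AND the
    # other-execute bit (0001) are both set; -prune avoids recursion.
    [ -n "$(find "$1" -prune -type f -perm -4001 -print 2>/dev/null)" ]
}

# Run a command, append its stdout+stderr to LOG, and return the command's
# own exit status, so the caller (the MTA) still sees e.g. 75 (EX_TEMPFAIL).
# stdin is passed through untouched, which matters because the LDA reads
# the message from it.
run_logged() {
    log=$1
    shift
    "$@" >>"$log" 2>&1
}

# Report on one binary; returns 1 when the unsafe combination is present.
audit_lda() {
    if is_setuid_world_exec "$1"; then
        echo "UNSAFE: $1 is setuid and world-executable (fix: chmod o-x)"
        return 1
    fi
    echo "ok: $1"
}

# Audit every path given on the command line, e.g.:
#   sh audit.sh /usr/local/libexec/dovecot/deliver
for f in "$@"; do
    audit_lda "$f" || :
done
```

After `chmod o-x`, only the owner and the file's group can execute the binary, so the group must contain whichever account the MTA uses to invoke it.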