[dovecot-cvs] dovecot/src/master settings.c,1.34,1.35 ssl-init.c,1.5,1.6
cras at procontrol.fi
cras at procontrol.fi
Sat Dec 21 14:42:38 EET 2002
Update of /home/cvs/dovecot/src/master
In directory danu:/tmp/cvs-serv25705/master
Modified Files:
settings.c ssl-init.c
Log Message:
Make sure the SSL parameters file has correct permissions before using it. Also
use the effective uid/gid for checking the base dir; don't assume root's.
Index: settings.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/settings.c,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -d -r1.34 -r1.35
--- settings.c 21 Dec 2002 12:13:59 -0000 1.34
+++ settings.c 21 Dec 2002 12:42:36 -0000 1.35
@@ -233,7 +233,7 @@
/* since they're under /var/run by default, they may have been
deleted. */
- if (safe_mkdir(PKG_RUNDIR, 0700, 0, 0) == 0) {
+ if (safe_mkdir(PKG_RUNDIR, 0700, geteuid(), getegid()) == 0) {
i_warning("Corrected permissions for base directory %s",
PKG_RUNDIR);
}
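Review bot: The comment above this call explains why the directory may be missing, but not why its ownership is now compared against the effective ids. Something like `/* the base dir must belong to the uid/gid we're running as, which isn't necessarily root */` would record the reason for the change. Only the `== 0` result is handled in the visible lines, so whether a failing `safe_mkdir()` is reported depends on code outside the hunk.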
Index: ssl-init.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/ssl-init.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- ssl-init.c 18 Dec 2002 15:15:42 -0000 1.5
+++ ssl-init.c 21 Dec 2002 12:42:36 -0000 1.6
@@ -67,13 +67,14 @@
static void check_parameters_file(void)
{
struct stat st;
+ time_t regen_time;
if (set_ssl_parameters_file == NULL || set_ssl_disable || generating)
return;
- if (stat(set_ssl_parameters_file, &st) != 0) {
+ if (lstat(set_ssl_parameters_file, &st) < 0) {
if (errno != ENOENT) {
- i_error("stat() failed for SSL parameters file %s: %m",
+ i_error("lstat() failed for SSL parameters file %s: %m",
set_ssl_parameters_file);
return;
}
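Review bot: Switching to `lstat()` means a symlink at `set_ssl_parameters_file` is now examined itself, but nothing in this function checks the file type. Whether a link is accepted therefore depends on the mode and owner the platform reports for the link. Adding `!S_ISREG(st.st_mode)` to the regeneration condition in the following hunk would make the intent explicit. The check is made by path, so it presumably only holds while the containing directory is not writable by other users; a comment stating that assumption would help, since the code that later opens the file is outside this hunk.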
@@ -81,8 +82,10 @@
st.st_mtime = 0;
}
- if (st.st_mtime +
- (time_t)(set_ssl_parameters_regenerate*3600) < ioloop_time)
+ /* make sure it's new enough and the permissions are correct */
+ regen_time = st.st_mtime + (time_t)(set_ssl_parameters_regenerate*3600);
+ if (regen_time < ioloop_time || (st.st_mode & 077) != 0 ||
+ st.st_uid != geteuid() || st.st_gid != getegid())
start_generate_process();
}
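Review bot: The new `st.st_gid != getegid()` test can stay true after regeneration if the file's group is inherited from its directory (a setgid directory or BSD group semantics), in which case every call would start the generator again. How the generator creates the file is not visible here, so this needs verifying. The condition now covers several distinct causes, so logging when the permission or owner test fires, e.g. `i_warning("SSL parameters file %s has wrong permissions or owner, regenerating", set_ssl_parameters_file);`, would let an administrator tell a modified file from ordinary expiry. In the ENOENT path only `st.st_mtime` appears to be set, so the mode/uid/gid tests rely on short-circuiting to avoid reading an otherwise unfilled `struct stat`.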