dovecot-1.1: mail_privileged_group setting prevents core dumps -...
dovecot at dovecot.org
dovecot at dovecot.org
Wed Mar 25 21:38:42 EET 2009
details: http://hg.dovecot.org/dovecot-1.1/rev/3e5494da8e37
changeset: 8224:3e5494da8e37
user: Timo Sirainen <tss at iki.fi>
date: Wed Mar 25 15:38:36 2009 -0400
description:
mail_privileged_group setting prevents core dumps - mention it in logging.
diffstat:
2 files changed, 7 insertions(+), 2 deletions(-)
src/master/child-process.c | 4 ++++
src/master/mail-process.c | 5 +++--
diffs (29 lines):
diff -r 275be458d747 -r 3e5494da8e37 src/master/child-process.c
--- a/src/master/child-process.c Tue Mar 24 18:52:53 2009 -0400
+++ b/src/master/child-process.c Wed Mar 25 15:38:36 2009 -0400
@@ -160,6 +160,10 @@ log_coredump(string_t *str, enum process
#ifndef HAVE_PR_SET_DUMPABLE
if (!settings_root->defaults->mail_drop_priv_before_exec) {
str_append(str, " (core not dumped - set mail_drop_priv_before_exec=yes)");
+ return;
+ }
+ if (*settings_root->defaults->mail_privileged_group != '\0') {
+ str_append(str, " (core not dumped - mail_privileged_group prevented it)");
return;
}
#endif
diff -r 275be458d747 -r 3e5494da8e37 src/master/mail-process.c
--- a/src/master/mail-process.c Tue Mar 24 18:52:53 2009 -0400
+++ b/src/master/mail-process.c Wed Mar 25 15:38:36 2009 -0400
@@ -873,8 +873,9 @@ create_mail_process(enum process_type pr
if (set->mail_drop_priv_before_exec) {
restrict_access_by_env(TRUE);
/* privileged GID is now only in saved-GID. if we want to
- preserve it accross exec, it needs to be temporarily
- in effective gid */
+ preserve it across exec, it needs to be temporarily
+ in effective gid. unfortunately this also causes kernel
+ to think we're a setgid-program. */
restrict_access_use_priv_gid();
}
More information about the dovecot-cvs
mailing list