dovecot-1.2: mail_privileged_group setting prevents core dumps -...
dovecot at dovecot.org
dovecot at dovecot.org
Wed Mar 25 21:39:07 EET 2009
details: http://hg.dovecot.org/dovecot-1.2/rev/9d00503821d6
changeset: 8861:9d00503821d6
user: Timo Sirainen <tss at iki.fi>
date: Wed Mar 25 15:38:57 2009 -0400
description:
mail_privileged_group setting prevents core dumps - mention it in logging.
diffstat:
2 files changed, 7 insertions(+), 2 deletions(-)
src/master/child-process.c | 4 ++++
src/master/mail-process.c | 5 +++--
diffs (29 lines):
diff -r 7bdc9d0bc9e6 -r 9d00503821d6 src/master/child-process.c
--- a/src/master/child-process.c Wed Mar 25 14:46:47 2009 -0400
+++ b/src/master/child-process.c Wed Mar 25 15:38:57 2009 -0400
@@ -160,6 +160,10 @@ log_coredump(string_t *str, enum process
#ifndef HAVE_PR_SET_DUMPABLE
if (!settings_root->defaults->mail_drop_priv_before_exec) {
str_append(str, " (core not dumped - set mail_drop_priv_before_exec=yes)");
+ return;
+ }
+ if (*settings_root->defaults->mail_privileged_group != '\0') {
+ str_append(str, " (core not dumped - mail_privileged_group prevented it)");
return;
}
#endif
diff -r 7bdc9d0bc9e6 -r 9d00503821d6 src/master/mail-process.c
--- a/src/master/mail-process.c Wed Mar 25 14:46:47 2009 -0400
+++ b/src/master/mail-process.c Wed Mar 25 15:38:57 2009 -0400
@@ -905,8 +905,9 @@ create_mail_process(enum process_type pr
if (set->mail_drop_priv_before_exec) {
restrict_access_by_env(TRUE);
/* privileged GID is now only in saved-GID. if we want to
- preserve it accross exec, it needs to be temporarily
- in effective gid */
+ preserve it across exec, it needs to be temporarily
+ in effective gid. unfortunately this also causes kernel
+ to think we're a setgid-program. */
restrict_access_use_priv_gid();
}
More information about the dovecot-cvs
mailing list