dovecot-1.2: mail_privileged_group setting prevents core dumps -...

dovecot at dovecot.org dovecot at dovecot.org
Wed Mar 25 21:39:07 EET 2009


details:   http://hg.dovecot.org/dovecot-1.2/rev/9d00503821d6
changeset: 8861:9d00503821d6
user:      Timo Sirainen <tss at iki.fi>
date:      Wed Mar 25 15:38:57 2009 -0400
description:
mail_privileged_group setting prevents core dumps - mention it in logging.

diffstat:

2 files changed, 7 insertions(+), 2 deletions(-)
src/master/child-process.c |    4 ++++
src/master/mail-process.c  |    5 +++--

diffs (29 lines):

diff -r 7bdc9d0bc9e6 -r 9d00503821d6 src/master/child-process.c
--- a/src/master/child-process.c	Wed Mar 25 14:46:47 2009 -0400
+++ b/src/master/child-process.c	Wed Mar 25 15:38:57 2009 -0400
@@ -160,6 +160,10 @@ log_coredump(string_t *str, enum process
 #ifndef HAVE_PR_SET_DUMPABLE
 		if (!settings_root->defaults->mail_drop_priv_before_exec) {
 			str_append(str, " (core not dumped - set mail_drop_priv_before_exec=yes)");
+			return;
+		}
+		if (*settings_root->defaults->mail_privileged_group != '\0') {
+			str_append(str, " (core not dumped - mail_privileged_group prevented it)");
 			return;
 		}
 #endif
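Review bot: The new branch in log_coredump() tests settings_root->defaults->mail_privileged_group, while create_mail_process() in the second file works from a per-process "set", so if a non-default settings block overrides mail_privileged_group the hint can be printed for a process that had no privileged group, or omitted for one that did. Consider passing the crashed process's settings into log_coredump() if they are reachable there. Also, unlike the existing " (core not dumped - set mail_drop_priv_before_exec=yes)" text, the new message names the cause but gives the admin no action; saying that the setting has to be emptied temporarily to get a core would make the log line self-sufficient.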
diff -r 7bdc9d0bc9e6 -r 9d00503821d6 src/master/mail-process.c
--- a/src/master/mail-process.c	Wed Mar 25 14:46:47 2009 -0400
+++ b/src/master/mail-process.c	Wed Mar 25 15:38:57 2009 -0400
@@ -905,8 +905,9 @@ create_mail_process(enum process_type pr
 	if (set->mail_drop_priv_before_exec) {
 		restrict_access_by_env(TRUE);
 		/* privileged GID is now only in saved-GID. if we want to
-		   preserve it accross exec, it needs to be temporarily
-		   in effective gid */
+		   preserve it across exec, it needs to be temporarily
+		   in effective gid. unfortunately this also causes kernel
+		   to think we're a setgid-program. */
 		restrict_access_use_priv_gid();
 	}
 
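Review bot: The extended comment above restrict_access_use_priv_gid() says the kernel now treats the process as a setgid program but stops short of the consequence that motivated the change: such a process does not dump core. Spelling that out, for example "...to think we're a setgid-program, so it won't dump core (see log_coredump())", would tie this site to the new log message in child-process.c and keep the two from drifting apart.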

