dovecot-2.0: imap, pop3: Process permissions weren't properly dr...
dovecot at dovecot.org
dovecot at dovecot.org
Tue Oct 6 01:20:57 EEST 2009
details: http://hg.dovecot.org/dovecot-2.0/rev/4b28edba5ff9
changeset: 9970:4b28edba5ff9
user: Timo Sirainen <tss at iki.fi>
date: Mon Oct 05 18:20:51 2009 -0400
description:
imap, pop3: Process permissions weren't properly dropped.
diffstat:
4 files changed, 20 insertions(+), 12 deletions(-)
src/imap/main.c | 7 +++++--
src/lib-storage/mail-storage-service.c | 14 +++++++-------
src/lib-storage/mail-storage-service.h | 4 +++-
src/pop3/main.c | 7 +++++--
diffs (85 lines):
diff -r a249daa4d960 -r 4b28edba5ff9 src/imap/main.c
--- a/src/imap/main.c Mon Oct 05 18:06:13 2009 -0400
+++ b/src/imap/main.c Mon Oct 05 18:20:51 2009 -0400
@@ -173,8 +173,11 @@ int main(int argc, char *argv[], char *e
if (IS_STANDALONE())
service_flags |= MASTER_SERVICE_FLAG_STANDALONE;
- else
- storage_service_flags |= MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT;
+ else {
+ storage_service_flags |=
+ MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT |
+ MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV;
+ }
dump_capability = getenv("DUMP_CAPABILITY") != NULL;
if (dump_capability) {
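Review bot: The new `else` branch has no comment explaining why the non-standalone case takes its process permissions from the environment, although per the commit title this is what fixes the privilege drop. A short comment such as `/* started by master: drop privileges as given in the environment, and never stay root */` would record the intent, assuming the environment is populated by the parent process (that is not visible in this hunk). The same applies to the identical hunk in src/pop3/main.c. `main` continues outside the hunk, so whether the standalone path restricts access elsewhere cannot be judged from here.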
diff -r a249daa4d960 -r 4b28edba5ff9 src/lib-storage/mail-storage-service.c
--- a/src/lib-storage/mail-storage-service.c Mon Oct 05 18:06:13 2009 -0400
+++ b/src/lib-storage/mail-storage-service.c Mon Oct 05 18:20:51 2009 -0400
@@ -302,12 +302,6 @@ service_drop_privileges(const struct mai
if (seteuid(setuid_uid) < 0)
i_fatal("seteuid(%s) failed: %m", dec2str(setuid_uid));
}
- if (rset.chroot_dir == NULL) {
- /* enable core dumps only when we can be sure that the core
- file is written to a safe directory. with chrooting we're
- chrooting to user's home dir. */
- restrict_access_allow_coredumps(TRUE);
- }
}
static void
@@ -583,12 +577,18 @@ init_user_real(struct master_service *se
user_set->mail_plugins, TRUE,
master_service_get_version_string(service));
- if ((flags & MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS) == 0) {
+ if ((flags & MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS) != 0) {
+ /* no changes */
+ } else if ((flags & MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV) != 0) {
+ restrict_access_by_env(home,
+ (flags & MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT) != 0);
+ } else {
service_drop_privileges(user_set, system_groups_user, home,
(flags & MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT) != 0,
FALSE);
}
/* privileges are now dropped */
+ restrict_access_allow_coredumps(TRUE);
dict_drivers_register_builtin();
module_dir_init(modules);
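Review bot: `restrict_access_allow_coredumps(TRUE)` now runs unconditionally after the branch, and the `rset.chroot_dir == NULL` guard that this commit removes from service_drop_privileges has no replacement. The removed comment said core dumps are enabled only when the core file is sure to land in a safe directory, and that a chrooted process sits in the user's home. After this change a chrooted process, and one that kept its privileges under `MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS`, also gets core dumps enabled. Either keep the call conditional on no chroot having been applied (for the environment-driven branch that would depend on what restrict_access_by_env consumed, which is not visible here), or add a comment stating why the earlier concern no longer holds. The comment above it is also inaccurate on the NO_RESTRICT_ACCESS path and could read `/* privileges are now dropped, unless NO_RESTRICT_ACCESS was given */`; init_user_real starts and ends outside the hunk.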
diff -r a249daa4d960 -r 4b28edba5ff9 src/lib-storage/mail-storage-service.h
--- a/src/lib-storage/mail-storage-service.h Mon Oct 05 18:06:13 2009 -0400
+++ b/src/lib-storage/mail-storage-service.h Mon Oct 05 18:20:51 2009 -0400
@@ -14,8 +14,10 @@ enum mail_storage_service_flags {
MAIL_STORAGE_SERVICE_FLAG_DEBUG = 0x04,
/* Keep the current process permissions */
MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS = 0x08,
+ /* Get the process permissions from environment */
+ MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV = 0x10,
/* Don't chdir() to user's home */
- MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR = 0x10
+ MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR = 0x20
};
struct mail_storage_service_input {
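Review bot: `MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR` moves from 0x10 to 0x20 and 0x10 is reused for the new flag, so code built against the old header that passes NO_CHDIR would silently request RESTRICT_BY_ENV instead. Appending the new flag keeps existing values stable: `MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR = 0x10,` followed by `MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV = 0x20`. The new comment could also state which process is expected to have set that environment, because this flag makes it the source of the permissions the process ends up with.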
diff -r a249daa4d960 -r 4b28edba5ff9 src/pop3/main.c
--- a/src/pop3/main.c Mon Oct 05 18:06:13 2009 -0400
+++ b/src/pop3/main.c Mon Oct 05 18:20:51 2009 -0400
@@ -85,8 +85,11 @@ int main(int argc, char *argv[], char *e
if (IS_STANDALONE())
service_flags |= MASTER_SERVICE_FLAG_STANDALONE;
- else
- storage_service_flags |= MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT;
+ else {
+ storage_service_flags |=
+ MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT |
+ MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV;
+ }
master_service = master_service_init("pop3", service_flags, argc, argv);
while ((c = getopt(argc, argv, master_service_getopt_string())) > 0) {