dovecot-2.0-sslstream: lda: Fixed binary setuid-checking.

Sat Feb 13 02:55:46 EET 2010

details:   http://hg.dovecot.org/dovecot-2.0-sslstream/rev/13b3a3ce892c
changeset: 10206:13b3a3ce892c
user:      Timo Sirainen <tss at iki.fi>
date:      Tue Oct 27 13:10:54 2009 -0400
description:
lda: Fixed binary setuid-checking.

diffstat:

1 file changed, 1 insertion(+), 1 deletion(-)
src/lda/main.c |    2 +-

diffs (12 lines):

diff -r b55afe3e957c -r 13b3a3ce892c src/lda/main.c

--- a/src/lda/main.c	Tue Oct 27 12:16:42 2009 -0400
+++ b/src/lda/main.c	Tue Oct 27 13:10:54 2009 -0400
@@ -274,7 +274,7 @@ int main(int argc, char *argv[])
 			fprintf(stderr, "stat(%s) failed: %s\n",
 				argv[0], strerror(errno));
 			return EX_TEMPFAIL;
-		} else if ((st.st_mode & 1) != 0) {
+		} else if ((st.st_mode & 1) != 0 && (st.st_mode & 04000) != 0) {
 			fprintf(stderr, "%s must not be both world-executable "
 				"and setuid-root. This allows root exploits. "
 				"See http://wiki.dovecot.org/LDA#multipleuids\n",
