dovecot-2.0-sslstream: anvil, config, log, ssl-params: Drop priv...

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-2.0-sslstream/rev/4933856b86d7
changeset: 10321:4933856b86d7
user:      Timo Sirainen <tss at iki.fi>
date:      Thu Nov 12 18:51:08 2009 -0500
description:
anvil, config, log, ssl-params: Drop privileges as configured.

diffstat:

4 files changed, 20 insertions(+), 4 deletions(-)
src/anvil/main.c      |    6 +++++-
src/config/main.c     |    6 +++++-
src/log/main.c        |    6 +++++-
src/ssl-params/main.c |    6 +++++-

diffs (96 lines):

diff -r 506fba223006 -r 4933856b86d7 src/anvil/main.c
--- a/src/anvil/main.c	Thu Nov 12 18:37:57 2009 -0500
+++ b/src/anvil/main.c	Thu Nov 12 18:51:08 2009 -0500
@@ -3,6 +3,7 @@
 #include "common.h"
 #include "array.h"
 #include "env-util.h"
+#include "restrict-access.h"
 #include "master-service.h"
 #include "master-interface.h"
 #include "connect-limit.h"
@@ -24,8 +25,11 @@ int main(int argc, char *argv[])
 	master_service = master_service_init("anvil", 0, &argc, &argv, NULL);
 	if (master_getopt(master_service) > 0)
 		return FATAL_DEFAULT;
+	master_service_init_log(master_service, "anvil: ");
 
-	master_service_init_log(master_service, "anvil: ");
+	restrict_access_by_env(NULL, FALSE);
+	restrict_access_allow_coredumps(TRUE);
+
 	master_service_init_finish(master_service);
 	connect_limit = connect_limit_init();
 	penalty = penalty_init();
diff -r 506fba223006 -r 4933856b86d7 src/config/main.c
--- a/src/config/main.c	Thu Nov 12 18:37:57 2009 -0500
+++ b/src/config/main.c	Thu Nov 12 18:51:08 2009 -0500
@@ -3,6 +3,7 @@
 #include "lib.h"
 #include "array.h"
 #include "env-util.h"
+#include "restrict-access.h"
 #include "master-service.h"
 #include "config-connection.h"
 #include "config-parser.h"
@@ -20,8 +21,11 @@ int main(int argc, char *argv[])
 	master_service = master_service_init("config", 0, &argc, &argv, NULL);
 	if (master_getopt(master_service) > 0)
 		return FATAL_DEFAULT;
+	master_service_init_log(master_service, "config: ");
 
-	master_service_init_log(master_service, "config: ");
+	restrict_access_by_env(NULL, FALSE);
+	restrict_access_allow_coredumps(TRUE);
+
 	master_service_init_finish(master_service);
 	config_parse_load_modules();
 
diff -r 506fba223006 -r 4933856b86d7 src/log/main.c
--- a/src/log/main.c	Thu Nov 12 18:37:57 2009 -0500
+++ b/src/log/main.c	Thu Nov 12 18:51:08 2009 -0500
@@ -2,6 +2,7 @@
 
 #include "common.h"
 #include "lib-signals.h"
+#include "restrict-access.h"
 #include "master-interface.h"
 #include "master-service.h"
 #include "master-service-settings.h"
@@ -51,8 +52,11 @@ int main(int argc, char *argv[])
 	if (master_service_settings_read_simple(master_service,
 						NULL, &error) < 0)
 		i_fatal("Error reading configuration: %s", error);
+	master_service_init_log(master_service, "log: ");
 
-	master_service_init_log(master_service, "log: ");
+	restrict_access_by_env(NULL, FALSE);
+	restrict_access_allow_coredumps(TRUE);
+
 	master_service_init_finish(master_service);
 
 	/* logging should never die if there are some clients */
diff -r 506fba223006 -r 4933856b86d7 src/ssl-params/main.c
--- a/src/ssl-params/main.c	Thu Nov 12 18:37:57 2009 -0500
+++ b/src/ssl-params/main.c	Thu Nov 12 18:51:08 2009 -0500
@@ -4,6 +4,7 @@
 #include "lib-signals.h"
 #include "array.h"
 #include "ostream.h"
+#include "restrict-access.h"
 #include "master-service.h"
 #include "ssl-params-settings.h"
 #include "ssl-params.h"
@@ -122,8 +123,11 @@ int main(int argc, char *argv[])
 
 	if (master_getopt(master_service) > 0)
 		return FATAL_DEFAULT;
+	set = ssl_params_settings_read(master_service);
 
-	set = ssl_params_settings_read(master_service);
+	restrict_access_by_env(NULL, FALSE);
+	restrict_access_allow_coredumps(TRUE);
+
 	master_service_init_finish(master_service);
 
 #ifndef HAVE_SSL