[Dovecot] Permission denied
Matthias Andree
matthias.andree at gmx.de
Sun Jul 13 15:32:30 EEST 2003
Timo Sirainen <tss at iki.fi> writes:
> Yes, so why is it worse to add any branches running with temporarily
> dropped privileges than running with full privileges? Or are you
> thinking that some geteuid() call then doesn't return 0 and thinks it's
> not running as root?
I'd be very chary about spreading UID fiddling over the code, that's
all. It must be easy to see at a single glance.
> Actually core dumps aren't either written by default since kernel thinks
> it's running setuid-binary. You'd have to set mail_drop_priv_before_exec
> = yes to allow that.
Modulo kernel bugs under ptrace ;-)
--
Matthias Andree
More information about the dovecot
mailing list