[Dovecot] RC7: BUG! and patch [Was: Re: rc7 bug? [Was: deliver LDA and INBOX location] (fwd)] (fwd)

David Lee t.d.lee at durham.ac.uk
Mon Sep 25 12:43:39 EEST 2006


On Fri, 22 Sep 2006, Timo Sirainen wrote:

> On Fri, 2006-09-15 at 14:59 +0100, David Lee wrote:
> > Could someone confirm, please, that this bug report and its proposed fix
> > are being checked?
> >
> > 1. Is my analysis (message below) about right?
> > 2. Is my proposed patch (attached) about right?
> > 3. Is this being addressed for "rc8" (or whatever) and its successors?
>
> +       /* get user's details (in particular, the real uid) */
> +       upw = getpwnam(user);
> +       if (upw == NULL) {
> +               i_fatal("Couldn't lookup user's details (user=%s)", user);
> +       }
> +       uid = upw->pw_uid;
>
> This is wrong, because it doesn't work with virtual users. The uid is
> already looked up from userdb and either it's the same as the user who's
> runnning deliver, or if deliver is run as root the privileges are
> dropped. In either case you can get the uid with just geteuid() call.
>
> I think this should work (not tested though):
>
> http://dovecot.org/list/dovecot-cvs/2006-September/006408.html

Many thanks.

I (a dovecot newbie, so unaware of the "virtual user" subtleties) have
just tried your version in our environment: it seems to fix the bug we had
encountered.


-- 

:  David Lee                                I.T. Service          :
:  Senior Systems Programmer                Computer Centre       :
:                                           Durham University     :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham DH1 3LE        :
:  Phone: +44 191 334 2752                  U.K.                  :


More information about the dovecot mailing list