[Dovecot] [PATCH] drop root privileges on solaris, request for testing

Andrey Panin pazke at donpac.ru
Fri Nov 21 14:30:48 EET 2008


Hello all,

this patch allows the master process to drop more root privileges under
Solaris. My limited testing shows that the code works, but I'm not sure
that the defined privilege set is permissive enough for dovecot.

Unfortunately I have no root access to our Solaris servers to really
test it. So if someone is ready to test this patch please do it :)

Best regards.
-------------- next part --------------
diff -r 8f41c9f3f392 configure.in
--- a/configure.in	Wed Nov 19 16:11:01 2008 +0200
+++ b/configure.in	Wed Nov 19 14:31:56 2008 +0000
@@ -461,7 +461,8 @@ AC_CHECK_FUNCS(fcntl flock lockf inet_at
 	       setrlimit setproctitle seteuid setreuid setegid setresgid \
 	       strtoull strtoll strtouq strtoq \
 	       setpriority quotactl getmntent kqueue kevent backtrace_symbols \
-	       walkcontext dirfd clearenv malloc_usable_size clock_gettime)
+	       walkcontext dirfd clearenv malloc_usable_size clock_gettime \
+	       setppriv)
 
 dnl strtoimax and strtoumax are macros in HP-UX, so inttypes.h must be included
 AC_MSG_CHECKING([for strtoimax])
diff -r 8f41c9f3f392 src/master/Makefile.am
--- a/src/master/Makefile.am	Wed Nov 19 16:11:01 2008 +0200
+++ b/src/master/Makefile.am	Wed Nov 19 14:18:36 2008 +0000
@@ -22,6 +22,7 @@ dovecot_SOURCES = \
 	auth-process.c \
 	askpass.c \
 	capabilities-posix.c \
+	capabilities-solaris.c \
 	child-process.c \
 	dict-process.c \
 	dup2-array.c \
diff -r 8f41c9f3f392 src/master/capabilities.h
--- a/src/master/capabilities.h	Wed Nov 19 16:11:01 2008 +0200
+++ b/src/master/capabilities.h	Wed Nov 19 14:18:38 2008 +0000
@@ -1,7 +1,7 @@
 #ifndef CAPABILITIES_H
 #define CAPABILITIES_H
 
-#if defined(HAVE_LIBCAP)
+#if defined(HAVE_LIBCAP) || defined(HAVE_SETPPRIV)
 
 void drop_capabilities(void);
 
diff -r 8f41c9f3f392 src/master/capabilities-solaris.c
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/master/capabilities-solaris.c	Wed Nov 19 14:18:39 2008 +0000
@@ -0,0 +1,54 @@
+/* Copyright (c) 2008 Dovecot authors, see the included COPYING file */
+
+#include "common.h"
+#include "capabilities.h"
+
+#ifdef HAVE_SETPPRIV
+
+#include <priv.h>
+
+void drop_capabilities(void)
+{
+	static const char* privs[] = {
+		"PRIV_PROC_FORK",
+		"PRIV_PROC_EXEC",
+		"PRIV_FILE_CHOWN",
+		"PRIV_PROC_SETID",
+		"PRIV_PROC_CHROOT",
+		"PRIV_NET_PRIVADDR",
+		"PRIV_FILE_DAC_READ",
+		"PRIV_FILE_DAC_WRITE",
+		NULL
+	}, **p;
+	priv_set_t *priv_set;
+	int ret;
+
+	priv_set = priv_allocset();
+	if (priv_set == NULL) {
+		i_warning("Can't allocate memory for privilege set: %m");
+		return;
+	}
+
+	priv_emptyset(priv_set);
+
+	for (p = privs; *p != NULL; p++) {
+		ret = priv_addset(priv_set, *p);
+		if (ret != 0) {
+			i_warning("Can't drop %s from privilege set: %m", *p);
+		}
+	}
+
+	ret = setppriv(PRIV_SET, PRIV_PERMITTED, priv_set);
+	if (ret) {
+		i_warning("Can't set %s privelege set: %m", "PERMITTED");
+	}
+
+	ret = setppriv(PRIV_SET, PRIV_EFFECTIVE, priv_set);
+	if (ret) {
+		i_warning("Can't set %s privelege set: %m", "EFFECTIVE");
+	}
+
+	priv_freeset(priv_set);
+}
+
+#endif
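Review bot: The entries in `privs[]` are string literals spelling the macro names (`"PRIV_PROC_FORK"`), whereas `<priv.h>` defines `PRIV_PROC_FORK` and the others as macros that expand to the actual privilege-name strings. Unless `priv_addset()` is confirmed to accept the quoted spelling, the adds may fail and `setppriv()` would receive an empty or partial set, so the list should use the macros unquoted, e.g. `PRIV_PROC_FORK,`. Every failure path only calls `i_warning()`: a failed `priv_addset()` still goes on to `setppriv()` with a narrower set than intended, and a failed `setppriv()` leaves the master running with its full root privileges, so it should be decided explicitly whether either case is fatal. The `priv_addset()` message says `Can't drop %s` although that call adds the privilege to the retained set (`Can't add %s to privilege set: %m` would match), and `privelege` is misspelled in both `setppriv()` messages. Only `PRIV_PERMITTED` and `PRIV_EFFECTIVE` are changed here, so a comment above `drop_capabilities()` should record why each retained privilege is needed and what the untouched inheritable and limit sets mean for exec'd children, which I have not verified.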

