changeset 9970:4b28edba5ff9 HEAD
imap, pop3: Process permissions weren't properly dropped.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 05 Oct 2009 18:20:51 -0400 |
parents | a249daa4d960 |
children | 309ef3136fa0 |
files | src/imap/main.c src/lib-storage/mail-storage-service.c src/lib-storage/mail-storage-service.h src/pop3/main.c |
diffstat | 4 files changed, 20 insertions(+), 12 deletions(-) [+] |
--- a/src/imap/main.c Mon Oct 05 18:06:13 2009 -0400
+++ b/src/imap/main.c Mon Oct 05 18:20:51 2009 -0400
@@ -173,8 +173,11 @@
 if (IS_STANDALONE())
 service_flags |= MASTER_SERVICE_FLAG_STANDALONE;
- else
- storage_service_flags |= MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT;
+ else {
+ storage_service_flags |=
+ MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT |
+ MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV;
+ }
 dump_capability = getenv("DUMP_CAPABILITY") != NULL;
 if (dump_capability) {
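Review bot: The new `else` branch sets MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV without saying where that environment comes from, so a reader cannot tell why trusting it is safe only in the non-standalone case. Presumably the uid/gid/chroot values are exported by the master process when it spawns imap, whereas a standalone start inherits whatever environment the caller had; that is the property this branch relies on and it belongs next to it, e.g. `/* started by master: drop to the uid/gid/chroot master exported in our environment */`. Note that the standalone path leaves both flags clear, so no privileges are dropped at all there; worth confirming that is intended. main() starts and ends outside this hunk.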
--- a/src/lib-storage/mail-storage-service.c Mon Oct 05 18:06:13 2009 -0400
+++ b/src/lib-storage/mail-storage-service.c Mon Oct 05 18:20:51 2009 -0400
@@ -302,12 +302,6 @@
 if (seteuid(setuid_uid) < 0)
 i_fatal("seteuid(%s) failed: %m", dec2str(setuid_uid));
 }
- if (rset.chroot_dir == NULL) {
- /* enable core dumps only when we can be sure that the core
- file is written to a safe directory. with chrooting we're
- chrooting to user's home dir. */
- restrict_access_allow_coredumps(TRUE);
- }
 }
 static void
@@ -583,12 +577,18 @@
 user_set->mail_plugins, TRUE,
 master_service_get_version_string(service));
- if ((flags & MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS) == 0) {
+ if ((flags & MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS) != 0) {
+ /* no changes */
+ } else if ((flags & MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV) != 0) {
+ restrict_access_by_env(home,
+ (flags & MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT) != 0);
+ } else {
 service_drop_privileges(user_set, system_groups_user, home,
 (flags & MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT) != 0,
 FALSE);
 }
 /* privileges are now dropped */
+ restrict_access_allow_coredumps(TRUE);
 dict_drivers_register_builtin();
 module_dir_init(modules);
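Review bot: `restrict_access_allow_coredumps(TRUE)` is now called unconditionally after the privilege block, which silently drops the chroot condition the first hunk removed along with its rationale (core dumps were enabled only when the core file could not land in the user's chroot/home directory). It also now runs on the NO_RESTRICT_ACCESS path, where the `/* no changes */` branch means nothing was dropped and the `/* privileges are now dropped */` comment above the call is no longer true for that case. If the chroot directory is not known here (restrict_access_by_env presumably takes it from the environment, which is not visible in this hunk), at least keep the old exclusion and record why: `if ((flags & MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS) == 0) restrict_access_allow_coredumps(TRUE);` with a comment noting that a core written into a user-owned chroot is readable by that user. The enclosing function starts and ends outside this hunk.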
--- a/src/lib-storage/mail-storage-service.h Mon Oct 05 18:06:13 2009 -0400
+++ b/src/lib-storage/mail-storage-service.h Mon Oct 05 18:20:51 2009 -0400
@@ -14,8 +14,10 @@
 MAIL_STORAGE_SERVICE_FLAG_DEBUG = 0x04,
 /* Keep the current process permissions */
 MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS = 0x08,
+ /* Get the process permissions from environment */
+ MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV = 0x10,
 /* Don't chdir() to user's home */
- MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR = 0x10
+ MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR = 0x20
 };
 struct mail_storage_service_input {
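Review bot: Inserting the new flag as 0x10 renumbers MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR from 0x10 to 0x20, so any plugin or binary built against the previous header that passes NO_CHDIR will, after this change, be interpreted as requesting RESTRICT_BY_ENV and have its privileges reset from the environment instead of skipping the chdir; appending the value keeps the existing ones stable: `MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR = 0x10,` followed by `MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV = 0x20`. The new comment should also name the trust contract it relies on, since "from environment" alone does not say who may set it, e.g. `/* Drop privileges to the uid/gid/chroot the master process exported in the environment (restrict_access_by_env) */`. Whether out-of-tree consumers of this enum exist is not visible from here.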
--- a/src/pop3/main.c Mon Oct 05 18:06:13 2009 -0400
+++ b/src/pop3/main.c Mon Oct 05 18:20:51 2009 -0400
@@ -85,8 +85,11 @@
 if (IS_STANDALONE())
 service_flags |= MASTER_SERVICE_FLAG_STANDALONE;
- else
- storage_service_flags |= MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT;
+ else {
+ storage_service_flags |=
+ MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT |
+ MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV;
+ }
 master_service = master_service_init("pop3", service_flags, argc, argv);
 while ((c = getopt(argc, argv, master_service_getopt_string())) > 0) {
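Review bot: The flags are only set under master; for IS_STANDALONE() the new code still leaves both DISALLOW_ROOT and RESTRICT_BY_ENV clear, so a standalone pop3 started as root keeps root and nothing in this hunk says that is deliberate. A comment on the `if (IS_STANDALONE())` line such as `/* standalone: keep the caller's privileges; under master, uid/gid/chroot come from the environment master exported for us */` would make the trust boundary explicit (that master is the exporter is inferred from the flag name, not visible here). This block duplicates the imap change verbatim, and a shared helper in lib-storage would keep the two from drifting apart. main() starts and ends outside this hunk.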