changeset 20651:4df13c5fd7ab

lib-storage: If chdir to home doesn't work, chdir to root instead. Most importantly this fixes unlink_directory() when current directory after dropping privileges can't be open()ed.
author Timo Sirainen <timo.sirainen@dovecot.fi>
date Tue, 16 Aug 2016 14:53:24 +0300
parents 6dceb64b1d6e
children 82419e13ad5b
files src/lib-storage/mail-storage-service.c
diffstat 1 files changed, 14 insertions(+), 4 deletions(-) [+]
--- a/src/lib-storage/mail-storage-service.c	Tue Aug 16 14:04:13 2016 +0300
+++ b/src/lib-storage/mail-storage-service.c	Tue Aug 16 14:53:24 2016 +0300
@@ -691,11 +691,18 @@
 		/* we don't want to write core files to any users' home
 		   directories since they could contain information about other
 		   users' mails as well. so do no chdiring to home. */
-	} else if (*home != '\0' &&
-		   (user->flags & MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR) == 0) {
+	} else if ((user->flags & MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR) == 0) {
 		/* If possible chdir to home directory, so that core file
-		   could be written in case we crash. */
-		if (chdir(home) < 0) {
+		   could be written in case we crash.
+
+		   fallback to chdir()ing to root directory. this is needed
+		   because the current directory may not be accessible after
+		   dropping privileges, and for example unlink_directory()
+		   requires ability to open the current directory. */
+		if (home[0] == '\0') {
+			if (chdir("/") < 0)
+				i_error("chdir(/) failed: %m");
+		} else if (chdir(home) < 0) {
 			if (errno == EACCES) {
 				i_error("%s", eacces_error_get("chdir",
 						t_strconcat(home, "/", NULL)));
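Review bot: The new root fallback only runs inside the `else if` that tests MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR, so the first branch (its condition starts outside this hunk) and callers that set NO_CHDIR keep whatever working directory they inherited. By the commit's own reasoning that directory may not be openable after privileges are dropped, so unlink_directory() would presumably still fail on those paths. If that is intentional, say so in the first branch's comment, for example `/* cwd is left unchanged here; code that needs an openable cwd (e.g. unlink_directory()) must chdir itself */`. Separately, a failed `chdir("/")` is only logged, both here and in the second hunk, so execution continues in the inaccessible directory; those two identical fallback blocks could also be merged into one so the handling stays in a single place.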
@@ -703,6 +710,9 @@
 				i_error("chdir(%s) failed: %m", home);
 			else if (mail_set->mail_debug)
 				i_debug("Home dir not found: %s", home);
+
+			if (chdir("/") < 0)
+				i_error("chdir(/) failed: %m");
 		}
 	}