Mercurial > dovecot > core-2.2
changeset 20651:4df13c5fd7ab
lib-storage: If chdir to home doesn't work, chdir to root instead.
Most importantly this fixes unlink_directory() when current directory
after dropping privileges can't be open()ed.
author | Timo Sirainen <timo.sirainen@dovecot.fi> |
---|---|
date | Tue, 16 Aug 2016 14:53:24 +0300 |
parents | 6dceb64b1d6e |
children | 82419e13ad5b |
files | src/lib-storage/mail-storage-service.c |
diffstat | 1 files changed, 14 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/src/lib-storage/mail-storage-service.c Tue Aug 16 14:04:13 2016 +0300 +++ b/src/lib-storage/mail-storage-service.c Tue Aug 16 14:53:24 2016 +0300 @@ -691,11 +691,18 @@ /* we don't want to write core files to any users' home directories since they could contain information about other users' mails as well. so do no chdiring to home. */ - } else if (*home != '\0' && - (user->flags & MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR) == 0) { + } else if ((user->flags & MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR) == 0) { /* If possible chdir to home directory, so that core file - could be written in case we crash. */ - if (chdir(home) < 0) { + could be written in case we crash. + + fallback to chdir()ing to root directory. this is needed + because the current directory may not be accessible after + dropping privileges, and for example unlink_directory() + requires ability to open the current directory. */ + if (home[0] == '\0') { + if (chdir("/") < 0) + i_error("chdir(/) failed: %m"); + } else if (chdir(home) < 0) { if (errno == EACCES) { i_error("%s", eacces_error_get("chdir", t_strconcat(home, "/", NULL))); @@ -703,6 +710,9 @@ i_error("chdir(%s) failed: %m", home); else if (mail_set->mail_debug) i_debug("Home dir not found: %s", home); + + if (chdir("/") < 0) + i_error("chdir(/) failed: %m"); } }