Mercurial > dovecot > core-2.2
changeset 1223:52e0830ade13 HEAD
Added setting mail_drop_priv_before_exec.
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Fri, 21 Feb 2003 15:02:16 +0200 |
| parents | ea3f6c93d1a2 |
| children | b661eb87bd26 |
| files | dovecot-example.conf src/master/mail-process.c src/master/main.c src/master/master-settings.c src/master/master-settings.h |
| diffstat | 5 files changed, 15 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/dovecot-example.conf Fri Feb 21 15:01:55 2003 +0200 +++ b/dovecot-example.conf Fri Feb 21 15:02:16 2003 +0200 @@ -300,6 +300,13 @@ # umask to use for mail files and directories #umask = 0077 +# Drop all privileges before exec()ing the mail process. This is mostly +# meant for debugging, otherwise you don't get core dumps. Note that setting +# this to yes means that log file is opened as the logged in user, which +# might not work. It could also be a small security risk if you use single UID +# for multiple users, as the users could ptrace() each others processes then. +#mail_drop_priv_before_exec = no + ## ## IMAP process ##
--- a/src/master/mail-process.c Fri Feb 21 15:01:55 2003 +0200 +++ b/src/master/mail-process.c Fri Feb 21 15:02:16 2003 +0200 @@ -216,6 +216,9 @@ any errors above will be logged */ closelog(); + if (set->mail_drop_priv_before_exec) + restrict_access_by_env(TRUE); + /* hide the path, it's ugly */ argv[0] = strrchr(executable, '/'); if (argv[0] == NULL) argv[0] = executable; else argv[0]++;
--- a/src/master/main.c Fri Feb 21 15:01:55 2003 +0200 +++ b/src/master/main.c Fri Feb 21 15:02:16 2003 +0200 @@ -78,11 +78,11 @@ { i_warning("SIGHUP received - reloading configuration"); - master_settings_read(configfile); - /* restart auth and login processes */ login_processes_destroy_all(); auth_processes_destroy_all(); + + master_settings_read(configfile); } static const char *get_exit_status_message(enum fatal_exit_status status)
--- a/src/master/master-settings.c Fri Feb 21 15:01:55 2003 +0200 +++ b/src/master/master-settings.c Fri Feb 21 15:02:16 2003 +0200 @@ -68,6 +68,7 @@ DEF(SET_INT, mbox_dotlock_change_timeout), DEF(SET_BOOL, overwrite_incompatible_index), DEF(SET_INT, umask), + DEF(SET_BOOL, mail_drop_priv_before_exec), /* imap */ DEF(SET_STR, imap_executable), @@ -173,6 +174,7 @@ MEMBER(mbox_dotlock_change_timeout) 30, MEMBER(overwrite_incompatible_index) FALSE, MEMBER(umask) 0077, + MEMBER(mail_drop_priv_before_exec) FALSE, /* imap */ MEMBER(imap_executable) PKG_LIBEXECDIR"/imap",
--- a/src/master/master-settings.h Fri Feb 21 15:01:55 2003 +0200 +++ b/src/master/master-settings.h Fri Feb 21 15:02:16 2003 +0200 @@ -52,6 +52,7 @@ unsigned int mbox_dotlock_change_timeout; int overwrite_incompatible_index; unsigned int umask; + int mail_drop_priv_before_exec; /* imap */ const char *imap_executable;