Mercurial > dovecot > core-2.2
changeset 12016:77a043a1ddb5
master: Set RESTRICT_* environment even when drop_priv_before_exec=yes
Otherwise the executed process could still try to drop some of the
privileges (groups).
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Fri, 20 Aug 2010 18:18:01 +0100 |
| parents | 892f0db489cd |
| children | d6f387fe1275 |
| files | src/master/service-process.c |
| diffstat | 1 files changed, 1 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/master/service-process.c Fri Aug 20 16:14:19 2010 +0100 +++ b/src/master/service-process.c Fri Aug 20 18:18:01 2010 +0100 @@ -166,11 +166,10 @@ } rset.extra_groups = service->extra_gids; + restrict_access_set_env(&rset); if (service->set->drop_priv_before_exec) { disallow_root = service->type == SERVICE_TYPE_LOGIN; restrict_access(&rset, NULL, disallow_root); - } else { - restrict_access_set_env(&rset); } }