# HG changeset patch
# User Timo Sirainen
# Date 1043635322 -7200
# Node ID 299f59fb9ff470e99bd88fe7d582ea7231dc06b6
# Parent 793f05a7e50e823819642c41801848d5a51a0108
Authentication named socket permissions were insecure, an exploited login process could have replaced it with it's own and began reading plaintext passwords sent by other login processes.
diff -r 793f05a7e50e -r 299f59fb9ff4 dovecot-example.conf
--- a/dovecot-example.conf Mon Jan 27 04:05:32 2003 +0200
+++ b/dovecot-example.conf Mon Jan 27 04:42:02 2003 +0200
@@ -63,10 +63,12 @@
 ## Login process ##
-# Executable location
+# Executable location.
 #login_executable = /usr/libexec/dovecot/imap-login
-# User to use for imap-login process
+# User to use for imap-login process. The user must belong to a group
+# where only it has access, it's used to control access for authentication
+# process named sockets.
 #login_user = imapd
 # Set max. process size in megabytes. If you don't use
diff -r 793f05a7e50e -r 299f59fb9ff4 src/master/auth-process.c
--- a/src/master/auth-process.c Mon Jan 27 04:05:32 2003 +0200
+++ b/src/master/auth-process.c Mon Jan 27 04:42:02 2003 +0200
@@ -272,7 +272,7 @@
 /* create socket for listening auth requests from imap-login */
 path = t_strconcat(set_login_dir, "/", config->name, NULL);
 (void)unlink(path);
- (void)umask(0177); /* we want 0600 mode for the socket */
+ (void)umask(0117); /* we want 0660 mode for the socket */
 listen_fd = net_listen_unix(path);
 if (listen_fd < 0)
@@ -281,7 +281,7 @@
 i_assert(listen_fd > 2);
 /* set correct permissions */
- if (chown(path, set_login_uid, set_login_gid) < 0) {
+ if (chown(path, geteuid(), set_login_gid) < 0) {
 i_fatal("login: chown(%s, %s, %s) failed: %m", path, dec2str(set_login_uid), dec2str(set_login_gid));
 }
diff -r 793f05a7e50e -r 299f59fb9ff4 src/master/settings.c
--- a/src/master/settings.c Mon Jan 27 04:05:32 2003 +0200
+++ b/src/master/settings.c Mon Jan 27 04:42:02 2003 +0200
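Review bot: The changed `umask(0117)` is applied before `net_listen_unix(path)` and nothing in the hunk restores it, so the wider 0660 creation mask now stays in force for anything the master process creates afterwards unless it is reset further down, outside the hunk. Scoping it to the socket needs only `mode_t old_umask;` at the top of the function, `old_umask = umask(0117);` in place of the changed line, and `(void)umask(old_umask);` right after the listen call. The 0660 mode is only as strong as the group the socket ends up in, which is fixed by the `chown()` in the next hunk; a comment such as `/* 0660: group access is restricted to the login group by the chown() below */` would tie the two together. The enclosing function starts and ends outside the hunk.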
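Review bot: The failure message on the line after the changed `chown()` still prints `dec2str(set_login_uid)`, so on error it reports a uid that the call no longer uses; it should print the value actually passed, `path, dec2str(geteuid()), dec2str(set_login_gid));`. The ownership change itself is fine as far as the hunk shows: the socket is bound before the `chown()`, but it presumably carries the master's own group until then, so with the 0117 mask login processes cannot reach it before its permissions are final. The enclosing function starts and ends outside the hunk.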
@@ -273,9 +273,10 @@
 if (unlink_directory(set_login_dir, FALSE) < 0)
 i_fatal("unlink_directory() failed for %s: %m", set_login_dir);
- if (safe_mkdir(set_login_dir, 0700, set_login_uid, set_login_gid) == 0)
+ if (safe_mkdir(set_login_dir, 0750, geteuid(), set_login_gid) == 0) {
 i_warning("Corrected permissions for login directory %s", set_login_dir);
+ }
 if (set_max_imap_processes < 1)
 i_fatal("max_imap_processes must be at least 1");
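Review bot: The new `safe_mkdir(set_login_dir, 0750, geteuid(), set_login_gid)` line carries the whole point of the fix, yet nothing in the code says why the directory must be owned by the master rather than the login user, and the next maintainer tidying "unused" `geteuid()` calls will not find it in the commit message. Suggest a comment above the call: `/* Owned by the master, group-traversable only: login processes can reach the auth sockets inside but cannot unlink or replace them. */`. If `set_login_uid` now has no remaining reader in this file, it may be dead here, which is worth checking outside the hunk. The enclosing function starts and ends outside the hunk.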