Mercurial > dovecot > original-hg > dovecot-1.2
changeset 824:02cda88b44e2 HEAD
Make sure SSL parameters file has correct permissions before using it. Also
use effective uid/gid for checking the base dir, don't assume roots..
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sat, 21 Dec 2002 14:42:36 +0200 |
parents | d00ce0e4de7f |
children | 8afbafd5deac |
files | src/master/settings.c src/master/ssl-init.c |
diffstat | 2 files changed, 8 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/src/master/settings.c Sat Dec 21 14:35:34 2002 +0200 +++ b/src/master/settings.c Sat Dec 21 14:42:36 2002 +0200 @@ -233,7 +233,7 @@ /* since they're under /var/run by default, they may have been deleted. */ - if (safe_mkdir(PKG_RUNDIR, 0700, 0, 0) == 0) { + if (safe_mkdir(PKG_RUNDIR, 0700, geteuid(), getegid()) == 0) { i_warning("Corrected permissions for base directory %s", PKG_RUNDIR); }
--- a/src/master/ssl-init.c Sat Dec 21 14:35:34 2002 +0200 +++ b/src/master/ssl-init.c Sat Dec 21 14:42:36 2002 +0200 @@ -67,13 +67,14 @@ static void check_parameters_file(void) { struct stat st; + time_t regen_time; if (set_ssl_parameters_file == NULL || set_ssl_disable || generating) return; - if (stat(set_ssl_parameters_file, &st) != 0) { + if (lstat(set_ssl_parameters_file, &st) < 0) { if (errno != ENOENT) { - i_error("stat() failed for SSL parameters file %s: %m", + i_error("lstat() failed for SSL parameters file %s: %m", set_ssl_parameters_file); return; } @@ -81,8 +82,10 @@ st.st_mtime = 0; } - if (st.st_mtime + - (time_t)(set_ssl_parameters_regenerate*3600) < ioloop_time) + /* make sure it's new enough and the permissions are correct */ + regen_time = st.st_mtime + (time_t)(set_ssl_parameters_regenerate*3600); + if (regen_time < ioloop_time || (st.st_mode & 077) != 0 || + st.st_uid != geteuid() || st.st_gid != getegid()) start_generate_process(); }