changeset 1040:299f59fb9ff4 HEAD
Authentication named socket permissions were insecure: an exploited login
process could have replaced the socket with its own and begun reading plaintext
passwords sent by other login processes.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 27 Jan 2003 04:42:02 +0200 |
parents | 793f05a7e50e |
children | 47ecd950a702 |
files | dovecot-example.conf src/master/auth-process.c src/master/settings.c |
diffstat | 3 files changed, 8 insertions(+), 5 deletions(-) [+] |
--- a/dovecot-example.conf Mon Jan 27 04:05:32 2003 +0200
+++ b/dovecot-example.conf Mon Jan 27 04:42:02 2003 +0200
@@ -63,10 +63,12 @@
 ## Login process ##
-# Executable location
+# Executable location.
 #login_executable = /usr/libexec/dovecot/imap-login
-# User to use for imap-login process
+# User to use for imap-login process. The user must belong to a group
+# where only it has access, it's used to control access for authentication
+# process named sockets.
 #login_user = imapd
 # Set max. process size in megabytes. If you don't use
--- a/src/master/auth-process.c Mon Jan 27 04:05:32 2003 +0200
+++ b/src/master/auth-process.c Mon Jan 27 04:42:02 2003 +0200
@@ -272,7 +272,7 @@
 /* create socket for listening auth requests from imap-login */
 path = t_strconcat(set_login_dir, "/", config->name, NULL);
 (void)unlink(path);
- (void)umask(0177); /* we want 0600 mode for the socket */
+ (void)umask(0117); /* we want 0660 mode for the socket */
 listen_fd = net_listen_unix(path);
 if (listen_fd < 0)
@@ -281,7 +281,7 @@
 i_assert(listen_fd > 2);
 /* set correct permissions */
- if (chown(path, set_login_uid, set_login_gid) < 0) {
+ if (chown(path, geteuid(), set_login_gid) < 0) {
 i_fatal("login: chown(%s, %s, %s) failed: %m", path,
 dec2str(set_login_uid), dec2str(set_login_gid));
 }
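Review bot: The new `umask(0117)` is set before `net_listen_unix()` and nothing in this hunk puts the previous mask back, so unless the enclosing function restores it further down (outside this hunk) every file the master creates afterwards inherits the 0117 mask. The old value is returned by the call and is cheap to keep: `old_mask = umask(0117);` before the listen and `(void)umask(old_mask);` right after it. It is also worth a comment that the socket's protection against replacement now comes from the 0750 login directory owned by the master's euid, not from the socket mode itself, since a reader of this function alone cannot see that. The function continues outside the hunk.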
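Review bot: The chown() call in the second hunk now passes `geteuid()` as the owner, but the i_fatal() message on the following lines still prints `dec2str(set_login_uid)`, so a failure reports a uid that was never used in the call and sends whoever debugs it after the wrong account. Change the argument to `dec2str(geteuid())` so the diagnostic matches the request, e.g. `i_fatal("login: chown(%s, %s, %s) failed: %m", path, dec2str(geteuid()), dec2str(set_login_gid));`. A one-line comment above the call, `/* owner stays the master so login processes cannot unlink/replace the socket; group grants them connect */`, would record why the owner changed. The enclosing function starts and ends outside the hunk.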
--- a/src/master/settings.c Mon Jan 27 04:05:32 2003 +0200
+++ b/src/master/settings.c Mon Jan 27 04:42:02 2003 +0200
@@ -273,9 +273,10 @@
 if (unlink_directory(set_login_dir, FALSE) < 0)
 i_fatal("unlink_directory() failed for %s: %m", set_login_dir);
- if (safe_mkdir(set_login_dir, 0700, set_login_uid, set_login_gid) == 0)
+ if (safe_mkdir(set_login_dir, 0750, geteuid(), set_login_gid) == 0) {
 i_warning("Corrected permissions for login directory %s", set_login_dir);
+ }
 if (set_max_imap_processes < 1)
 i_fatal("max_imap_processes must be at least 1");
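Review bot: The login directory is now `0750` with group `set_login_gid`, which makes every member of that group able to reach the auth sockets, yet the code never checks that the group contains nobody but the login user; the only guard is the comment added to dovecot-example.conf. An administrator who sets login_user to an account in a shared group (e.g. `users`) silently grants all of those accounts a connection to the authentication sockets, which is the very exposure this commit closes. I would validate the group here in settings, before the `safe_mkdir()`, and refuse to start when it lists anyone else; note that `gr_mem` does not include accounts whose primary gid is the group, so the check below is a necessary but not complete test and the comment should say so. The enclosing function starts and ends outside the hunk.
```c
	/* the socket dir is group-accessible, so every member of login_gid can
	   talk to the auth sockets: refuse groups that hold anyone but login_user.
	   NOTE: users whose primary gid is this group are not listed in gr_mem. */
	gr = getgrgid(set_login_gid);
	if (gr == NULL)
		i_fatal("getgrgid(%s) failed: %m", dec2str(set_login_gid));
	for (i = 0; gr->gr_mem[i] != NULL; i++) {
		pw = getpwnam(gr->gr_mem[i]);
		if (pw == NULL || pw->pw_uid != set_login_uid) {
			i_fatal("login_user's group must not contain other users "
				"(found %s)", gr->gr_mem[i]);
		}
	}
	/* … unchanged: safe_mkdir() of set_login_dir … */
```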