changeset 1040:299f59fb9ff4 HEAD

Authentication named socket permissions were insecure: an exploited login process could have replaced the socket with its own and begun reading plaintext passwords sent by other login processes.
author Timo Sirainen <tss@iki.fi>
date Mon, 27 Jan 2003 04:42:02 +0200
parents 793f05a7e50e
children 47ecd950a702
files dovecot-example.conf src/master/auth-process.c src/master/settings.c
diffstat 3 files changed, 8 insertions(+), 5 deletions(-) [+]
--- a/dovecot-example.conf	Mon Jan 27 04:05:32 2003 +0200
+++ b/dovecot-example.conf	Mon Jan 27 04:42:02 2003 +0200
@@ -63,10 +63,12 @@
 ## Login process
 ##
 
-# Executable location
+# Executable location.
 #login_executable = /usr/libexec/dovecot/imap-login
 
-# User to use for imap-login process
+# User to use for imap-login process. The user must belong to a group
+# where only it has access, it's used to control access for authentication
+# process named sockets.
 #login_user = imapd
 
 # Set max. process size in megabytes. If you don't use
--- a/src/master/auth-process.c	Mon Jan 27 04:05:32 2003 +0200
+++ b/src/master/auth-process.c	Mon Jan 27 04:42:02 2003 +0200
@@ -272,7 +272,7 @@
 	/* create socket for listening auth requests from imap-login */
 	path = t_strconcat(set_login_dir, "/", config->name, NULL);
 	(void)unlink(path);
-        (void)umask(0177); /* we want 0600 mode for the socket */
+        (void)umask(0117); /* we want 0660 mode for the socket */
 
 	listen_fd = net_listen_unix(path);
 	if (listen_fd < 0)
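Review bot: The new `(void)umask(0117); /* we want 0660 mode for the socket */` line keeps the eight-space indentation of the line it replaces while every surrounding line of the hunk is tab-indented, so the change perpetuates a mixed-indentation style; reindent it with a tab like its neighbours. Separately, umask() is process-wide and nothing in the hunk restores the previous mask after net_listen_unix(); the original call had the same shape, so this is presumably handled or tolerated elsewhere, but it is worth confirming that later file creation in the same process is not silently affected. The enclosing function starts and ends outside the hunk.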
@@ -281,7 +281,7 @@
 	i_assert(listen_fd > 2);
 
 	/* set correct permissions */
-	if (chown(path, set_login_uid, set_login_gid) < 0) {
+	if (chown(path, geteuid(), set_login_gid) < 0) {
 		i_fatal("login: chown(%s, %s, %s) failed: %m",
 			path, dec2str(set_login_uid), dec2str(set_login_gid));
 	}
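Review bot: The diagnostic no longer matches the call it reports: `if (chown(path, geteuid(), set_login_gid) < 0) {` now passes the effective uid as owner, but the i_fatal() two lines below still prints dec2str(set_login_uid), so a failure would log a uid that was never given to chown(). Change the argument line to `path, dec2str(geteuid()), dec2str(set_login_gid));`, or capture the euid in a local before the call and use it in both places. The enclosing function starts and ends outside the hunk.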
--- a/src/master/settings.c	Mon Jan 27 04:05:32 2003 +0200
+++ b/src/master/settings.c	Mon Jan 27 04:42:02 2003 +0200
@@ -273,9 +273,10 @@
 	if (unlink_directory(set_login_dir, FALSE) < 0)
 		i_fatal("unlink_directory() failed for %s: %m", set_login_dir);
 
-	if (safe_mkdir(set_login_dir, 0700, set_login_uid, set_login_gid) == 0)
+	if (safe_mkdir(set_login_dir, 0750, geteuid(), set_login_gid) == 0) {
 		i_warning("Corrected permissions for login directory %s",
 			  set_login_dir);
+	}
 
 	if (set_max_imap_processes < 1)
 		i_fatal("max_imap_processes must be at least 1");
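Review bot: The new `safe_mkdir(set_login_dir, 0750, geteuid(), set_login_gid)` call carries the whole security argument of the change — the login directory is owned by the master's effective uid with group set_login_gid and mode 0750, so login processes can traverse it to reach the auth sockets but cannot create or unlink entries in it — yet nothing at the call site says so, and a later edit could loosen 0750 or revert the owner to set_login_uid without seeing why it matters. Suggest preceding the call with `/* owned by master, group-traversable only: login processes must not be able to unlink and replace the auth sockets in here */`. Whether safe_mkdir() reports hard failures through a non-zero return, and whether those are fatal, is not visible in the hunk; the enclosing function continues outside it.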