changeset 8637:557cc9cf7d5f HEAD

deliver: Don't allow running as setuid-root if world can execute the binary.
author Timo Sirainen <tss@iki.fi>
date Thu, 15 Jan 2009 17:14:29 -0500
parents 11e18a303661
children b8357fbedc8f
files src/deliver/deliver.c
diffstat 1 files changed, 18 insertions(+), 0 deletions(-) [+]
--- a/src/deliver/deliver.c	Thu Jan 15 16:23:59 2009 -0500
+++ b/src/deliver/deliver.c	Thu Jan 15 17:14:29 2009 -0500
@@ -834,6 +834,24 @@
 	pool_t userdb_pool = NULL;
 	string_t *str;
 
+	if (getuid() != geteuid() && geteuid() == 0) {
+		/* running setuid - don't allow this if deliver is
+		   executable by anyone */
+		struct stat st;
+
+		if (stat(argv[0], &st) < 0) {
+			fprintf(stderr, "stat(%s) failed: %s\n",
+				argv[0], strerror(errno));
+			return EX_CONFIG;
+		} else if ((st.st_mode & 1) != 0) {
+			fprintf(stderr, "%s must not be both world-executable "
+				"and setuid-root. This allows root exploits. "
+				"See http://wiki.dovecot.org/LDA#multipleuids\n",
+				argv[0]);
+			return EX_CONFIG;
+		}
+	}
+
 	i_set_failure_exit_callback(failure_exit_callback);
 
 	lib_init();
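Review bot: The new guard at `stat(argv[0], &st)` trusts argv[0], which is chosen by whoever exec()s deliver, so an unprivileged local user can pass a path to any non-world-executable file (e.g. `exec -a /bin/true deliver`) and the setuid-root binary runs anyway; the check catches an honest misconfiguration but is not a security barrier, and the comment should say so. On Linux `stat("/proc/self/exe", &st)` identifies the real executable, with argv[0] as a fallback where /proc is unavailable; a relative argv[0] is also resolved against the current directory, which can silently stat the wrong file. The magic mask in `(st.st_mode & 1) != 0` is the other-execute bit and reads more clearly as `(st.st_mode & S_IXOTH) != 0`. The enclosing function begins and ends outside this hunk.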