changeset 2873:72f28a4b964d HEAD
Make sure imap or pop3 processes cannot be started from inetd.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 09 Nov 2004 18:54:31 +0200 |
parents | c0e2a38b7647 |
children | 0f485075ba8f |
files | src/imap/main.c src/pop3/main.c |
diffstat | 2 files changed, 19 insertions(+), 0 deletions(-) [+] |
--- a/src/imap/main.c Mon Nov 08 04:45:59 2004 +0200 +++ b/src/imap/main.c Tue Nov 09 18:54:31 2004 +0200 @@ -2,6 +2,7 @@ #include "common.h" #include "ioloop.h" +#include "network.h" #include "ostream.h" #include "str.h" #include "lib-signals.h" @@ -14,6 +15,7 @@ #include "commands.h" #include "namespace.h" +#include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <syslog.h> @@ -203,6 +205,13 @@ if (getenv("LOGGED_IN") != NULL && getenv("GDB") == NULL) fd_debug_verify_leaks(3, 1024); #endif + if (IS_STANDALONE() && getuid() == 0 && + net_getpeername(1, NULL, NULL) == 0) { + printf("* BAD [ALERT] imap binary must not be started from " + "inetd, use imap-login instead.\n"); + return 1; + } + /* NOTE: we start rooted, so keep the code minimal until restrict_access_by_env() is called */ lib_init();
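Review bot: The guard added before `lib_init()` in the third hunk (@@ -203) refuses the inetd case only when `getuid() == 0`, so an inetd entry that runs the binary under any other account still passes and, as far as the hunk shows, continues as a standalone session without imap-login in front of it. If limiting the check to root is deliberate, record the reason in a comment above the `if`, for example `/* stdout is a connected socket and we are root: inetd started us directly, bypassing imap-login */`; if it is not, drop the uid condition so the socket test alone decides. `IS_STANDALONE()` is defined outside the hunk, so its exact meaning should be confirmed when wording the comment. The identical check in the src/pop3/main.c hunk (@@ -179) has the same gap, and in both files the enclosing function starts and ends outside the hunk.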
--- a/src/pop3/main.c Mon Nov 08 04:45:59 2004 +0200 +++ b/src/pop3/main.c Tue Nov 09 18:54:31 2004 +0200 @@ -2,6 +2,7 @@ #include "common.h" #include "ioloop.h" +#include "network.h" #include "lib-signals.h" #include "restrict-access.h" #include "fd-close-on-exec.h" @@ -10,7 +11,9 @@ #include "module-dir.h" #include "mail-storage.h" +#include <stdio.h> #include <stdlib.h> +#include <unistd.h> #include <syslog.h> #define IS_STANDALONE() \ @@ -179,6 +182,13 @@ if (getenv("LOGGED_IN") != NULL && getenv("GDB") == NULL) fd_debug_verify_leaks(3, 1024); #endif + if (IS_STANDALONE() && getuid() == 0 && + net_getpeername(1, NULL, NULL) == 0) { + printf("-ERR pop3 binary must not be started from " + "inetd, use pop3-login instead.\n"); + return 1; + } + /* NOTE: we start rooted, so keep the code minimal until restrict_access_by_env() is called */ lib_init();
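Review bot: The refusal in the third hunk (@@ -179) is reported only to the remote peer through `printf`, so the administrator whose inetd entry triggered it gets no local record of the misconfiguration. `<syslog.h>` is already included in this file, so a line such as `syslog(LOG_ERR, "pop3 started from inetd as root, refusing; use pop3-login");` before `return 1;` would make the event visible; being plain libc it presumably works this early, before `lib_init()`, but that should be confirmed against how the project sets up logging. The same applies to the imap check in src/imap/main.c (@@ -203). The enclosing function starts and ends outside the hunk.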