drop_setuid_root, when set to true, will detect
the case getuid()==0 and try to drop it. This is done by
recording the current effective UID in set->uid
if set->uid == -1, and then doing seteuid(0).
It will also drop any other extra privileges,
such as extra groups that were not requested.
is_root = geteuid() == 0;
+ if (!is_root &&
+ set->drop_setuid_root &&
+ getuid() == 0) {
+ /* recover current effective UID */
+ if (set->uid == (uid_t)-1)
+ set->uid = geteuid();
+ else
+ i_assert(set->uid > 0);
+ /* try to elevate to root */
+ if (seteuid(0) < 0)
+ i_fatal("seteuid(0) failed: %m");
+ is_root = TRUE;
+ }
+
/* set the primary/privileged group */
process_primary_gid = set->gid;
process_privileged_gid = set->privileged_gid;
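Review bot: Nothing in this hunk tells the reader that the `seteuid(0)` elevation is temporary and exists only so that the later drop can reset the real, effective and saved UIDs together. That drop, and any check that root cannot be regained afterwards, lie outside the hunk, so I cannot confirm them from here. I would add a comment above the call such as `/* elevate only so the setuid() below can clear real, effective and saved UID */`, assuming the later drop does use setuid(). Separately, `i_assert(set->uid > 0)` turns a caller that requests uid 0 together with drop_setuid_root into a panic with no explanation; `i_fatal("drop_setuid_root is set but uid 0 was requested");` would say what went wrong. The enclosing function starts and ends outside the hunk.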
/* Chroot directory */
const char *chroot_dir;
+
+ /* Set TRUE to attempt to drop any root privileges
+ FIXME: Reverse logic on v2.3 */
+ bool drop_setuid_root;
};
/* Initialize settings with values that don't change anything. */
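Review bot: The comment on `drop_setuid_root` leaves out two effects visible in the implementation hunk: when `uid` is `(uid_t)-1` it is overwritten with the current effective UID, and a requested `uid` of 0 is rejected by an assertion. I would extend the comment to state both, and to say that the flag only acts when getuid() is 0 while geteuid() is not. The FIXME keeps the safer behaviour opt-in, so it is also worth noting that a caller leaving the field FALSE may retain a real UID of 0 unless other code handles that, which is not visible here. The struct definition starts outside the hunk.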