From: Timo Sirainen
Date: Thu, 1 Aug 2013 10:31:25 +0000 (+0300)
Subject: lib-storage: Ignore MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP if service user isn...
X-Git-Tag: 2.2.5~33
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1cb065514fcfe00b684ee274239e3f0390c7fc47;p=thirdparty%2Fdovecot%2Fcore.git
lib-storage: Ignore MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP if service user isn't root.
---
diff --git a/src/lib-storage/mail-storage-service.c b/src/lib-storage/mail-storage-service.c
index d1bab08126..511b76ba70 100644
--- a/src/lib-storage/mail-storage-service.c
+++ b/src/lib-storage/mail-storage-service.c
@@ -748,6 +748,13 @@ mail_storage_service_init(struct master_service *service,
 PACKAGE_VERSION, version);
 }
 
+ if ((flags & MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP) != 0 &&
+ geteuid() != 0) {
+ /* service { user } isn't root. the permission drop can't be
+ temporary. */
+ flags &= ~MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP;
+ }
+
 (void)umask(0077);
 io_loop_set_time_moved_callback(current_ioloop,
 mail_storage_service_time_moved);
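Review bot: The added `geteuid() != 0` branch clears `MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP` silently, so a caller that requested a temporary drop cannot tell that privileges will not be restorable afterwards; presumably such callers serve more than one user per process, which is where this would show up. I would make the comment state the consequence, e.g. `/* service { user } isn't root: we can't regain root after dropping, so treat the drop as permanent. Callers must not expect to restore privileges. */`, and consider a debug-level log line at this point so the downgrade is visible when troubleshooting. The decision is also taken once from the effective UID at init time, so it is worth confirming that init is never reached with the effective UID already lowered while root is still held as the real or saved UID. mail_storage_service_init's body starts and ends outside the hunk.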