imap, pop3: Process permissions weren't properly dropped.
authorTimo Sirainen <tss@iki.fi>
Mon, 5 Oct 2009 22:20:51 +0000 (18:20 -0400)
committerTimo Sirainen <tss@iki.fi>
Mon, 5 Oct 2009 22:20:51 +0000 (18:20 -0400)
--HG--
branch : HEAD

src/imap/main.c
src/lib-storage/mail-storage-service.c
src/lib-storage/mail-storage-service.h
src/pop3/main.c

index 9af74d7fa9c4f169cc2831b8b9b2fd0af6f9291b..2a6c1cb95e72f68d6e3f5ef222c3bd1599a1984b 100644 (file)
@@ -173,8 +173,11 @@ int main(int argc, char *argv[], char *envp[])
 
        if (IS_STANDALONE())
                service_flags |= MASTER_SERVICE_FLAG_STANDALONE;
-       else
-               storage_service_flags |= MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT;
+       else {
+               storage_service_flags |=
+                       MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT |
+                       MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV;
+       }
 
        dump_capability = getenv("DUMP_CAPABILITY") != NULL;
        if (dump_capability) {
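Review bot: The non-standalone branch now requests its permissions from the environment, but nothing in this hunk, or in the identical pop3 hunk (src/pop3/main.c, @@ -85,8 +85,11 @@), shows what happens when the expected variables are absent; whether restrict_access_by_env() fails closed or silently keeps the current uid is not visible here and should be confirmed, since DISALLOW_ROOT is the only guard visibly passed through on that path. The same flag block is now duplicated verbatim between the two main() functions; a small shared helper, or at least a comment naming the other copy, would keep them from drifting apart on the next change. Both main() bodies start and continue outside the hunk.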
index 577cfb6963869136ab8234f7bcf72208548986da..e08ebc4cc4c77a78988ca035f1fe3d6effa36729 100644 (file)
@@ -302,12 +302,6 @@ service_drop_privileges(const struct mail_user_settings *set,
                if (seteuid(setuid_uid) < 0)
                        i_fatal("seteuid(%s) failed: %m", dec2str(setuid_uid));
        }
-       if (rset.chroot_dir == NULL) {
-               /* enable core dumps only when we can be sure that the core
-                  file is written to a safe directory. with chrooting we're
-                  chrooting to user's home dir. */
-               restrict_access_allow_coredumps(TRUE);
-       }
 }
 
 static void
@@ -583,12 +577,18 @@ init_user_real(struct master_service *service,
                                user_set->mail_plugins, TRUE,
                                master_service_get_version_string(service));
 
-       if ((flags & MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS) == 0) {
+       if ((flags & MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS) != 0) {
+               /* no changes */
+       } else if ((flags & MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV) != 0) {
+               restrict_access_by_env(home,
+                       (flags & MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT) != 0);
+       } else {
                service_drop_privileges(user_set, system_groups_user, home,
                        (flags & MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT) != 0,
                        FALSE);
        }
        /* privileges are now dropped */
+       restrict_access_allow_coredumps(TRUE);
 
        dict_drivers_register_builtin();
        module_dir_init(modules);
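Review bot: The unconditional `restrict_access_allow_coredumps(TRUE);` added after the privilege-drop chain also runs on the NO_RESTRICT_ACCESS path, where the `/* no changes */` branch leaves the process with whatever privileges it started with, so the `/* privileges are now dropped */` comment directly above it is no longer accurate for that branch and a still-privileged process is made dumpable. The block removed from service_drop_privileges only enabled core dumps when rset.chroot_dir was NULL, on the stated grounds that the core file must be written to a safe directory; the new call drops that condition, and whether restrict_access_by_env() can chroot is not visible here. Suggest guarding the call: `if ((flags & MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS) == 0) restrict_access_allow_coredumps(TRUE);` and rewording the comment to `/* privileges are now dropped, unless NO_RESTRICT_ACCESS kept them */`. init_user_real begins and ends outside the hunk.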
index 4ed7f3c328d25bb4e55a72ab5abd16fdd1d1f45e..9c5b2b30a0dcc677a30b8a475a1f66255f342b71 100644 (file)
@@ -14,8 +14,10 @@ enum mail_storage_service_flags {
        MAIL_STORAGE_SERVICE_FLAG_DEBUG                 = 0x04,
        /* Keep the current process permissions */
        MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS    = 0x08,
+       /* Get the process permissions from environment */
+       MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV       = 0x10,
        /* Don't chdir() to user's home */
-       MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR              = 0x10
+       MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR              = 0x20
 };
 
 struct mail_storage_service_input {
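Review bot: The comment on the new MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV does not say how it combines with its neighbours, which the caller in mail-storage-service.c resolves in a fixed order: NO_RESTRICT_ACCESS wins outright, RESTRICT_BY_ENV then replaces the user-settings-based drop, and DISALLOW_ROOT is still passed through on the env path. Suggest `/* Get the process permissions from environment instead of user settings. Ignored when NO_RESTRICT_ACCESS is set; DISALLOW_ROOT still applies. */`. Renumbering MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR from 0x10 to 0x20 also changes the value of an existing public enum constant, so anything compiled against the old header would now be read as RESTRICT_BY_ENV; that is worth a sentence in the commit message.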
index 14cfb8d4729712775cd11b319bf5e88fe88a96fc..4e0523bdb79e959838e0032df6bc8360e3332741 100644 (file)
@@ -85,8 +85,11 @@ int main(int argc, char *argv[], char *envp[])
 
        if (IS_STANDALONE())
                service_flags |= MASTER_SERVICE_FLAG_STANDALONE;
-       else
-               storage_service_flags |= MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT;
+       else {
+               storage_service_flags |=
+                       MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT |
+                       MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV;
+       }
 
        master_service = master_service_init("pop3", service_flags, argc, argv);
        while ((c = getopt(argc, argv, master_service_getopt_string())) > 0) {