From: Timo Sirainen
Date: Thu, 15 Jan 2009 22:14:29 +0000 (-0500)
Subject: deliver: Don't allow running as setuid-root if world can execute the binary.
X-Git-Tag: 1.2.beta1~106
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=15a9fc601c1a4378e04eed5b4b2485015aaa82b1;p=thirdparty%2Fdovecot%2Fcore.git
deliver: Don't allow running as setuid-root if world can execute the binary.
--HG--
branch : HEAD
---
diff --git a/src/deliver/deliver.c b/src/deliver/deliver.c
index 6342a71f17..fb0ac7ec0b 100644
--- a/src/deliver/deliver.c
+++ b/src/deliver/deliver.c
@@ -834,6 +834,24 @@ int main(int argc, char *argv[])
 pool_t userdb_pool = NULL;
 string_t *str;
+ if (getuid() != geteuid() && geteuid() == 0) {
+ /* running setuid - don't allow this if deliver is
+ executable by anyone */
+ struct stat st;
+
+ if (stat(argv[0], &st) < 0) {
+ fprintf(stderr, "stat(%s) failed: %s\n",
+ argv[0], strerror(errno));
+ return EX_CONFIG;
+ } else if ((st.st_mode & 1) != 0) {
+ fprintf(stderr, "%s must not be both world-executable "
+ "and setuid-root. This allows root exploits. "
+ "See http://wiki.dovecot.org/LDA#multipleuids\n",
+ argv[0]);
+ return EX_CONFIG;
+ }
+ }
+
 i_set_failure_exit_callback(failure_exit_callback);
 lib_init();
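Review bot: The world-executable test in `stat(argv[0], &st)` inspects a path supplied by whoever invoked the binary, because argv[0] is caller-controlled and need not name this executable (it can also be a bare name resolved through PATH, in which case stat() fails or examines some other file). The check therefore works as a misconfiguration warning for administrators rather than as enforcement, and the comment should say so, e.g. `/* argv[0] is caller-supplied: this catches an accidental misconfiguration, it is not a security boundary */`. Where the platform offers a trusted way to locate the running image, stat that instead of argv[0]. The mask in `(st.st_mode & 1) != 0` would read more clearly as `(st.st_mode & S_IXOTH) != 0`. main()'s body begins and continues outside the hunk.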