From: Timo Sirainen <tss@iki.fi>
Date: Fri, 20 Aug 2010 17:18:01 +0000 (+0100)
Subject: master: Set RESTRICT_* environment even when drop_priv_before_exec=yes
X-Git-Tag: 2.0.1~28
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4b2a1030f9b51e90f6ff4cdbc115871a398c1e0f;p=thirdparty%2Fdovecot%2Fcore.git

master: Set RESTRICT_* environment even when drop_priv_before_exec=yes
Otherwise the executed process could still try to drop some of the
privileges (groups).
---

diff --git a/src/master/service-process.c b/src/master/service-process.c
index ac5eef1b86..3575081588 100644
--- a/src/master/service-process.c
+++ b/src/master/service-process.c
@@ -166,11 +166,10 @@ drop_privileges(struct service *service)
 	}
 	rset.extra_groups = service->extra_gids;
 
+	restrict_access_set_env(&rset);
 	if (service->set->drop_priv_before_exec) {
 		disallow_root = service->type == SERVICE_TYPE_LOGIN;
 		restrict_access(&rset, NULL, disallow_root);
-	} else {
-		restrict_access_set_env(&rset);
 	}
 }