From: Timo Sirainen
Date: Mon, 1 Jun 2009 02:15:55 +0000 (-0400)
Subject: More group permission handling fixes.
X-Git-Tag: 2.0.alpha1~631
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=93688bfedcfb2b9c02750b8d4d409123a386de5c;p=thirdparty%2Fdovecot%2Fcore.git
More group permission handling fixes.
--HG--
branch : HEAD
---
diff --git a/src/lib-index/mail-index.c b/src/lib-index/mail-index.c
index 03729f2c50..7a59c85cb9 100644
--- a/src/lib-index/mail-index.c
+++ b/src/lib-index/mail-index.c
@@ -656,25 +656,20 @@ void mail_index_fchown(struct mail_index *index, int fd, const char *path)
 } else if (fchown(fd, (uid_t)-1, index->gid) == 0) {
 /* success */
 return;
- } if ((index->mode & 0066) == 0) {
- /* group doesn't really matter, ignore silently. */
+ } if ((index->mode & 0060) >> 3 == (index->mode & 0006)) {
+ /* group and world permissions are the same, so group doesn't
+ really matter. ignore silently. */
 return;
- } if ((index->mode & 0060) == 0) {
- /* file access was granted to everyone, except this group.
- to make sure we don't expose it to the group, drop the world
- permissions too. */
- mail_index_file_set_syscall_error(index, path, "fchown()");
- mode = index->mode & 0600;
- } else {
- mail_index_file_set_syscall_error(index, path, "fchown()");
- /* continue, but change group permissions to same as
- world-permissions were. */
- mode = (index->mode & 0606) | ((index->mode & 06) << 3);
- }
- if (fchmod(fd, mode) < 0) {
- mail_index_file_set_syscall_error(index, path,
- "fchmod()");
 }
+ mail_index_file_set_syscall_error(index, path, "fchown()");
+
+ /* continue, but change permissions so that only the common
+ subset of group and world is used. this makes sure no one
+ gets any extra permissions. */
+ mode = ((index->mode & 0060) >> 3) & (index->mode & 0006);
+ mode |= (mode << 3) | (index->mode & 0600);
+ if (fchmod(fd, mode) < 0)
+ mail_index_file_set_syscall_error(index, path, "fchmod()");
 }
 
 int mail_index_set_syscall_error(struct mail_index *index,
diff --git a/src/lib-storage/mailbox-list.c b/src/lib-storage/mailbox-list.c
index 8eef123940..2af0f72bcd 100644
--- a/src/lib-storage/mailbox-list.c
+++ b/src/lib-storage/mailbox-list.c
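Review bot: In mail_index_fchown() (src/lib-index/mail-index.c) the fallback still fails open: when `fchown()` has failed and the final `fchmod(fd, mode)` fails as well, the error is only recorded and the void function returns, so the file keeps its group unchanged and, presumably, the wider mode it was created with. The function starts above this hunk and its callers are not visible, so either a status return that lets callers discard the file, or at least a comment such as `/* if fchmod() fails too, the file keeps its original mode under the wrong group; callers are not told */`, would make the residual exposure explicit. Separately, `(index->mode & 0060) >> 3 == (index->mode & 0006)` depends on `>>` binding tighter than `==`; writing `((index->mode & 0060) >> 3) == (index->mode & 0006)` removes the need to recall the precedence table, and the same applies to the `st.st_mode` test in src/lib-storage/mailbox-list.c.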
@@ -328,8 +328,8 @@ mailbox_list_get_permissions_full(struct mailbox_list *list, const char *name, /* directory's GID is used automatically for new files */ *gid_r = (gid_t)-1; - } else if ((st.st_mode & 0070) == 0) { - /* group doesn't have any permissions, so don't bother + } else if ((st.st_mode & 0070) >> 3 == (st.st_mode & 0007)) { + /* group has same permissions as world, so don't bother changing it */ *gid_r = (gid_t)-1; } else if (getegid() == st.st_gid) {
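Review bot: The comparison here covers all three permission bits (`0070` against `0007`), while the matching test this commit adds to mail_index_fchown() looks only at read/write (`0060` against `0006`), and nothing in the comment says the difference is deliberate. If `st` can describe a directory, as the context comment about the directory's GID suggests (the stat call itself is outside this hunk), including the search bit is reasonable, but it reads like a typo next to the other file. A line in the comment such as `/* compares rwx, not just rw: st may be a directory */` would settle it. The enclosing function begins and ends outside the hunk.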