From 15a772a036234a9065ed0717983ea47384b08f3b Mon Sep 17 00:00:00 2001
From: Timo Sirainen
Date: Mon, 5 Oct 2009 18:20:51 -0400
Subject: [PATCH] imap, pop3: Process permissions weren't properly dropped.

--HG--
branch : HEAD
---
 src/imap/main.c | 7 +++++--
 src/lib-storage/mail-storage-service.c | 14 +++++++-------
 src/lib-storage/mail-storage-service.h | 4 +++-
 src/pop3/main.c | 7 +++++--
 4 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/src/imap/main.c b/src/imap/main.c
index 9af74d7fa9..2a6c1cb95e 100644
--- a/src/imap/main.c
+++ b/src/imap/main.c
@@ -173,8 +173,11 @@ int main(int argc, char *argv[], char *envp[])
 if (IS_STANDALONE())
 service_flags |= MASTER_SERVICE_FLAG_STANDALONE;
- else
- storage_service_flags |= MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT;
+ else {
+ storage_service_flags |=
+ MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT |
+ MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV;
+ }
 dump_capability = getenv("DUMP_CAPABILITY") != NULL;
 if (dump_capability) {
diff --git a/src/lib-storage/mail-storage-service.c b/src/lib-storage/mail-storage-service.c
index 577cfb6963..e08ebc4cc4 100644
--- a/src/lib-storage/mail-storage-service.c
+++ b/src/lib-storage/mail-storage-service.c
@@ -302,12 +302,6 @@ service_drop_privileges(const struct mail_user_settings *set,
 if (seteuid(setuid_uid) < 0)
 i_fatal("seteuid(%s) failed: %m", dec2str(setuid_uid));
 }
- if (rset.chroot_dir == NULL) {
- /* enable core dumps only when we can be sure that the core
- file is written to a safe directory. with chrooting we're
- chrooting to user's home dir. */
- restrict_access_allow_coredumps(TRUE);
- }
 }
 static void
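Review bot: The non-standalone branch now requests MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV without recording where those permissions are expected to come from, so a reader of main() has only the commit subject to go on. A one-line comment before `else {` such as `/* not standalone: uid/gid/chroot are taken from the environment (set up by the parent, presumably master) rather than from the user's settings */` would capture the intent. The identical flag assembly is repeated verbatim in src/pop3/main.c (the last hunk); a shared helper or a named constant for the non-standalone flag set would keep the two daemons from drifting apart the next time the privilege model changes. main() continues outside the hunk.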
@@ -583,12 +577,18 @@ init_user_real(struct master_service *service,
 user_set->mail_plugins, TRUE,
 master_service_get_version_string(service));
- if ((flags & MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS) == 0) {
+ if ((flags & MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS) != 0) {
+ /* no changes */
+ } else if ((flags & MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV) != 0) {
+ restrict_access_by_env(home,
+ (flags & MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT) != 0);
+ } else {
 service_drop_privileges(user_set, system_groups_user, home,
 (flags & MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT) != 0,
 FALSE);
 }
 /* privileges are now dropped */
+ restrict_access_allow_coredumps(TRUE);
 dict_drivers_register_builtin();
 module_dir_init(modules);
diff --git a/src/lib-storage/mail-storage-service.h b/src/lib-storage/mail-storage-service.h
index 4ed7f3c328..9c5b2b30a0 100644
--- a/src/lib-storage/mail-storage-service.h
+++ b/src/lib-storage/mail-storage-service.h
@@ -14,8 +14,10 @@ enum mail_storage_service_flags {
 MAIL_STORAGE_SERVICE_FLAG_DEBUG = 0x04,
 /* Keep the current process permissions */
 MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS = 0x08,
+ /* Get the process permissions from environment */
+ MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV = 0x10,
 /* Don't chdir() to user's home */
- MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR = 0x10
+ MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR = 0x20
 };
 struct mail_storage_service_input {
diff --git a/src/pop3/main.c b/src/pop3/main.c
index 14cfb8d472..4e0523bdb7 100644
--- a/src/pop3/main.c
+++ b/src/pop3/main.c
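Review bot: `restrict_access_allow_coredumps(TRUE)` is now called unconditionally after the privilege branch, which loses the `rset.chroot_dir == NULL` guard deleted from service_drop_privileges in the previous hunk: core dumps are enabled even when the process was chrooted into the user's home, the case the deleted comment called unsafe, and also on the new RESTRICT_BY_ENV path where init_user_real cannot see whether a chroot happened at all. If enabling them regardless of chroot is intended, the `/* privileges are now dropped */` comment should say so; otherwise keep the call behind a no-chroot condition, for example by having both privilege paths report whether they chrooted. The empty `/* no changes */` branch would read more naturally if the comment said what is being skipped: `/* NO_RESTRICT_ACCESS: keep the current process permissions, nothing to drop */`. init_user_real starts and ends outside the hunk.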
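Review bot: MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR changes value from 0x10 to 0x20 so the new flag can take 0x10, which is a silent ABI change: any code built against the old header that passes NO_CHDIR would now be requesting RESTRICT_BY_ENV instead, altering privilege handling rather than failing loudly. Assigning the new flag 0x20 and leaving NO_CHDIR at 0x10 keeps every existing value meaning what it meant. The comment on the new flag could also record the precedence implemented in mail-storage-service.c: `/* Get the process permissions from environment (ignored when NO_RESTRICT_ACCESS is set) */`.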
@@ -85,8 +85,11 @@ int main(int argc, char *argv[], char *envp[])
 if (IS_STANDALONE())
 service_flags |= MASTER_SERVICE_FLAG_STANDALONE;
- else
- storage_service_flags |= MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT;
+ else {
+ storage_service_flags |=
+ MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT |
+ MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV;
+ }
 master_service = master_service_init("pop3", service_flags, argc, argv);
 while ((c = getopt(argc, argv, master_service_getopt_string())) > 0) {
-- 
2.47.3