[dovecot-cvs] dovecot/src/master auth-process.c,1.29,1.30 settings.c,1.43,1.44
cras at procontrol.fi
cras at procontrol.fi
Mon Jan 27 04:42:04 EET 2003
Update of /home/cvs/dovecot/src/master
In directory danu:/tmp/cvs-serv225/src/master
Modified Files:
auth-process.c settings.c
Log Message:
Authentication named socket permissions were insecure: an exploited login
process could have replaced it with its own and begun reading plaintext
passwords sent by other login processes.
Index: auth-process.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/auth-process.c,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -d -r1.29 -r1.30
--- auth-process.c 27 Jan 2003 01:44:34 -0000 1.29
+++ auth-process.c 27 Jan 2003 02:42:02 -0000 1.30
@@ -272,7 +272,7 @@
/* create socket for listening auth requests from imap-login */
path = t_strconcat(set_login_dir, "/", config->name, NULL);
(void)unlink(path);
- (void)umask(0177); /* we want 0600 mode for the socket */
+ (void)umask(0117); /* we want 0660 mode for the socket */
listen_fd = net_listen_unix(path);
if (listen_fd < 0)
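Review bot: The umask(0117) on the added line changes process-wide state and the hunk never restores the previous value, so every file the master creates after this point inherits that mask unless it is reset later in the function, which lies outside the hunk. Saving and restoring it keeps the 0660 intent local to the socket: `mode_t old_mask = umask(0117); /* we want 0660 mode for the socket */` before net_listen_unix() and `umask(old_mask);` immediately after it, ahead of the `listen_fd < 0` check. The mode the socket actually ends up with also depends on what net_listen_unix() passes to bind(), which is not visible here. The enclosing function continues outside the hunk.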
@@ -281,7 +281,7 @@
i_assert(listen_fd > 2);
/* set correct permissions */
- if (chown(path, set_login_uid, set_login_gid) < 0) {
+ if (chown(path, geteuid(), set_login_gid) < 0) {
i_fatal("login: chown(%s, %s, %s) failed: %m",
path, dec2str(set_login_uid), dec2str(set_login_gid));
}
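Review bot: The i_fatal() message right after the changed chown() still reports dec2str(set_login_uid) although the call now passes geteuid(), so a chown failure would log an owner that was never requested; change the argument line to `path, dec2str(geteuid()), dec2str(set_login_gid));`. The reason for keeping ownership with the master rather than set_login_uid is only stated in the commit log, so a comment above the call would help, e.g. `/* master keeps ownership: a compromised login process must not be able to replace the socket */`. The enclosing function begins before this hunk.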
Index: settings.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/settings.c,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -d -r1.43 -r1.44
--- settings.c 27 Jan 2003 01:33:40 -0000 1.43
+++ settings.c 27 Jan 2003 02:42:02 -0000 1.44
@@ -273,9 +273,10 @@
if (unlink_directory(set_login_dir, FALSE) < 0)
i_fatal("unlink_directory() failed for %s: %m", set_login_dir);
- if (safe_mkdir(set_login_dir, 0700, set_login_uid, set_login_gid) == 0)
+ if (safe_mkdir(set_login_dir, 0750, geteuid(), set_login_gid) == 0) {
i_warning("Corrected permissions for login directory %s",
set_login_dir);
+ }
if (set_max_imap_processes < 1)
i_fatal("max_imap_processes must be at least 1");
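Review bot: The new safe_mkdir() arguments hand the login directory to the master's effective uid with mode 0750, but nothing in the hunk records why, and the generic "Corrected permissions" warning gives the next maintainer no reason not to revert it to set_login_uid. A one-line comment above the call would pin the intent: `/* master owns the directory and the login group may only traverse it, so a compromised login process cannot unlink and replace the auth socket */`. Whether safe_mkdir() also corrects the owner and mode of an already existing directory is not visible here, so the warning's wording is presumed rather than verified. The enclosing function begins before this hunk and continues after it.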