dovecot-2.0: More group permission handling fixes.

dovecot at dovecot.org dovecot at dovecot.org
Mon Jun 1 05:16:08 EEST 2009


details:   http://hg.dovecot.org/dovecot-2.0/rev/14ed9ca980d1
changeset: 9421:14ed9ca980d1
user:      Timo Sirainen <tss at iki.fi>
date:      Sun May 31 22:15:55 2009 -0400
description:
More group permission handling fixes.

diffstat:

2 files changed, 15 insertions(+), 20 deletions(-)
src/lib-index/mail-index.c     |   31 +++++++++++++------------------
src/lib-storage/mailbox-list.c |    4 ++--

diffs (56 lines):

diff -r c496f137c843 -r 14ed9ca980d1 src/lib-index/mail-index.c
--- a/src/lib-index/mail-index.c	Sun May 31 22:03:25 2009 -0400
+++ b/src/lib-index/mail-index.c	Sun May 31 22:15:55 2009 -0400
@@ -656,25 +656,20 @@ void mail_index_fchown(struct mail_index
 	} else if (fchown(fd, (uid_t)-1, index->gid) == 0) {
 		/* success */
 		return;
-	} if ((index->mode & 0066) == 0) {
-		/* group doesn't really matter, ignore silently. */
+	} if ((index->mode & 0060) >> 3 == (index->mode & 0006)) {
+		/* group and world permissions are the same, so group doesn't
+		   really matter. ignore silently. */
 		return;
-	} if ((index->mode & 0060) == 0) {
-		/* file access was granted to everyone, except this group.
-		   to make sure we don't expose it to the group, drop the world
-		   permissions too. */
-		mail_index_file_set_syscall_error(index, path, "fchown()");
-		mode = index->mode & 0600;
-	} else {
-		mail_index_file_set_syscall_error(index, path, "fchown()");
-		/* continue, but change group permissions to same as
-		   world-permissions were. */
-		mode = (index->mode & 0606) | ((index->mode & 06) << 3);
-	}
-	if (fchmod(fd, mode) < 0) {
-		mail_index_file_set_syscall_error(index, path,
-						  "fchmod()");
-	}
+	}
+	mail_index_file_set_syscall_error(index, path, "fchown()");
+
+	/* continue, but change permissions so that only the common
+	   subset of group and world is used. this makes sure no one
+	   gets any extra permissions. */
+	mode = ((index->mode & 0060) >> 3) & (index->mode & 0006);
+	mode |= (mode << 3) | (index->mode & 0600);
+	if (fchmod(fd, mode) < 0)
+		mail_index_file_set_syscall_error(index, path, "fchmod()");
 }
 
 int mail_index_set_syscall_error(struct mail_index *index,
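Review bot: If the final `fchmod(fd, mode)` fails, the file keeps the permissions from `index->mode` while its group is presumably still not `index->gid`, and the only reaction is a logged error. Because mail_index_fchown() returns void, callers cannot tell that the restriction was not applied. Either document that this is best effort, e.g. `/* best effort: on fchmod() failure the file keeps index->mode under its current group */`, or consider reporting the failure to the caller. Separately, `} if (` after the fchown branch reads like a dropped `else`; `} else if (` behaves the same because the visible preceding branch returns. The start of the function is outside the hunk.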
diff -r c496f137c843 -r 14ed9ca980d1 src/lib-storage/mailbox-list.c
--- a/src/lib-storage/mailbox-list.c	Sun May 31 22:03:25 2009 -0400
+++ b/src/lib-storage/mailbox-list.c	Sun May 31 22:15:55 2009 -0400
@@ -328,8 +328,8 @@ mailbox_list_get_permissions_full(struct
 			/* directory's GID is used automatically for new
 			   files */
 			*gid_r = (gid_t)-1;
-		} else if ((st.st_mode & 0070) == 0) {
-			/* group doesn't have any permissions, so don't bother
+		} else if ((st.st_mode & 0070) >> 3 == (st.st_mode & 0007)) {
+			/* group has same permissions as world, so don't bother
 			   changing it */
 			*gid_r = (gid_t)-1;
 		} else if (getegid() == st.st_gid) {
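Review bot: This test masks with 0070/0007, while the matching test added to mail_index_fchown() in src/lib-index/mail-index.c uses 0060/0006, and neither place says why they differ. If the execute bit is included because `st` describes a directory (the comment above suggests so), a line such as `/* compare rwx: st is the directory, where x controls traversal */` would keep the two checks from drifting apart. Parentheses around the shift, `((st.st_mode & 0070) >> 3) == (st.st_mode & 0007)`, would also make the precedence explicit. The enclosing function starts and ends outside the hunk.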

