dovecot-2.0: imap, pop3: Process permissions weren't properly dr...

dovecot at dovecot.org dovecot at dovecot.org
Tue Oct 6 01:20:57 EEST 2009


details:   http://hg.dovecot.org/dovecot-2.0/rev/4b28edba5ff9
changeset: 9970:4b28edba5ff9
user:      Timo Sirainen <tss at iki.fi>
date:      Mon Oct 05 18:20:51 2009 -0400
description:
imap, pop3: Process permissions weren't properly dropped.

diffstat:

4 files changed, 20 insertions(+), 12 deletions(-)
src/imap/main.c                        |    7 +++++--
src/lib-storage/mail-storage-service.c |   14 +++++++-------
src/lib-storage/mail-storage-service.h |    4 +++-
src/pop3/main.c                        |    7 +++++--

diffs (85 lines):

diff -r a249daa4d960 -r 4b28edba5ff9 src/imap/main.c
--- a/src/imap/main.c	Mon Oct 05 18:06:13 2009 -0400
+++ b/src/imap/main.c	Mon Oct 05 18:20:51 2009 -0400
@@ -173,8 +173,11 @@ int main(int argc, char *argv[], char *e
 
 	if (IS_STANDALONE())
 		service_flags |= MASTER_SERVICE_FLAG_STANDALONE;
-	else
-		storage_service_flags |= MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT;
+	else {
+		storage_service_flags |=
+			MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT |
+			MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV;
+	}
 
 	dump_capability = getenv("DUMP_CAPABILITY") != NULL;
 	if (dump_capability) {
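Review bot: The new `else` branch gives no reason why a non-standalone process takes its privilege restrictions from the environment, and that is the security-relevant decision in this change. A comment above the flag assignment such as `/* not standalone: the privileges to drop to are passed in the environment */` would record it; the wording should be confirmed against what the parent process actually sets. The identical branch added in src/pop3/main.c wants the same comment. main() starts and ends outside the hunk.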
diff -r a249daa4d960 -r 4b28edba5ff9 src/lib-storage/mail-storage-service.c
--- a/src/lib-storage/mail-storage-service.c	Mon Oct 05 18:06:13 2009 -0400
+++ b/src/lib-storage/mail-storage-service.c	Mon Oct 05 18:20:51 2009 -0400
@@ -302,12 +302,6 @@ service_drop_privileges(const struct mai
 		if (seteuid(setuid_uid) < 0)
 			i_fatal("seteuid(%s) failed: %m", dec2str(setuid_uid));
 	}
-	if (rset.chroot_dir == NULL) {
-		/* enable core dumps only when we can be sure that the core
-		   file is written to a safe directory. with chrooting we're
-		   chrooting to user's home dir. */
-		restrict_access_allow_coredumps(TRUE);
-	}
 }
 
 static void
@@ -583,12 +577,18 @@ init_user_real(struct master_service *se
 				user_set->mail_plugins, TRUE,
 				master_service_get_version_string(service));
 
-	if ((flags & MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS) == 0) {
+	if ((flags & MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS) != 0) {
+		/* no changes */
+	} else if ((flags & MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV) != 0) {
+		restrict_access_by_env(home,
+			(flags & MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT) != 0);
+	} else {
 		service_drop_privileges(user_set, system_groups_user, home,
 			(flags & MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT) != 0,
 			FALSE);
 	}
 	/* privileges are now dropped */
+	restrict_access_allow_coredumps(TRUE);
 
 	dict_drivers_register_builtin();
 	module_dir_init(modules);
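Review bot: `restrict_access_allow_coredumps(TRUE)` now runs on every path, including the `NO_RESTRICT_ACCESS` branch where nothing was dropped and, as far as the hunk shows, regardless of whether a chroot was applied. The check this commit removes from service_drop_privileges() enabled core dumps only when `rset.chroot_dir == NULL`, with a comment that the core file must be written to a safe directory. If that constraint still holds, the call should stay conditional, for example by moving it into the two branches that drop privileges and skipping it when chrooted; if it no longer holds, a comment should say why. The comment `/* privileges are now dropped */` is also untrue for the first branch and could read `/* privileges are now dropped, unless NO_RESTRICT_ACCESS was given */`. init_user_real() starts and ends outside the hunk.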
diff -r a249daa4d960 -r 4b28edba5ff9 src/lib-storage/mail-storage-service.h
--- a/src/lib-storage/mail-storage-service.h	Mon Oct 05 18:06:13 2009 -0400
+++ b/src/lib-storage/mail-storage-service.h	Mon Oct 05 18:20:51 2009 -0400
@@ -14,8 +14,10 @@ enum mail_storage_service_flags {
 	MAIL_STORAGE_SERVICE_FLAG_DEBUG			= 0x04,
 	/* Keep the current process permissions */
 	MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS	= 0x08,
+	/* Get the process permissions from environment */
+	MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV	= 0x10,
 	/* Don't chdir() to user's home */
-	MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR		= 0x10
+	MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR		= 0x20
 };
 
 struct mail_storage_service_input {
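Review bot: Inserting `MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV` at 0x10 moves `MAIL_STORAGE_SERVICE_FLAG_NO_CHDIR` to 0x20, so any binary or plugin built against the old header that passes 0x10 would now request environment-driven privilege restriction instead of skipping chdir(). Appending the new flag keeps existing values stable: leave `NO_CHDIR = 0x10` and add `MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV = 0x20` after it. The new comment could also state the precedence that the if/else chain in init_user_real() implements, e.g. `/* Get the process permissions from environment; ignored if NO_RESTRICT_ACCESS is set */`. The enum begins outside the hunk.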
diff -r a249daa4d960 -r 4b28edba5ff9 src/pop3/main.c
--- a/src/pop3/main.c	Mon Oct 05 18:06:13 2009 -0400
+++ b/src/pop3/main.c	Mon Oct 05 18:20:51 2009 -0400
@@ -85,8 +85,11 @@ int main(int argc, char *argv[], char *e
 
 	if (IS_STANDALONE())
 		service_flags |= MASTER_SERVICE_FLAG_STANDALONE;
-	else
-		storage_service_flags |= MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT;
+	else {
+		storage_service_flags |=
+			MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT |
+			MAIL_STORAGE_SERVICE_FLAG_RESTRICT_BY_ENV;
+	}
 
 	master_service = master_service_init("pop3", service_flags, argc, argv);
 	while ((c = getopt(argc, argv, master_service_getopt_string())) > 0) {

