[Dovecot] deliver setgid issues

Timothy White weirdit at gmail.com
Mon Jun 12 16:31:06 EEST 2006


Timo, any ideas on this one for the next release? I feel a little
scared running it like this, even though it's only the deliver binary
that was linked against the changed libraries...

Tim

On 6/9/06, Timothy White <dovecot.user at weirdo.bur.st> wrote:
> > Is this the issue? Or is there another solution?
>
> Ok, a temporary solution was to comment out a few lines of code in
> dovecot/src/lib/restrict-access.c
>
> Lines 143-146 (beta8) (the first part of the "if (env == NULL) {" block
>
>         /* groups - the getgid() checks are just so we don't fail if we're
>            not running as root and try to just use our own GID. Do this
>            before chrooting so initgroups() actually works. */
>         env = getenv("RESTRICT_SETGID");
>         gid = env == NULL ? 0 : (gid_t)strtoul(env, NULL, 10);
>         if (gid != 0 && (gid != getgid() || gid != getegid())) {
>                 if (setgid(gid) != 0)
>                         i_fatal("setgid(%s) failed: %m", dec2str(gid));
>
>                 env = getenv("RESTRICT_USER");
>                 if (env == NULL) {
>                         /* user not known, use only this one group */
>                         if (setgroups(1, &gid) < 0) {
>                                 i_fatal("setgroups(%s) failed: %m",
>                                         dec2str(gid));
>                         }
>                 } else {
> ...
>
> I know this isn't desirable, but it works.
>
> Any suggestions Timo as to other methods fixes?
>
> Thanks
>
> Tim
> --
> Linux Counter user #273956
>


-- 
Linux Counter user #273956


More information about the dovecot mailing list