dovecot: Don't use empty setgroups() list to drop groups. It doe...
dovecot at dovecot.org
dovecot at dovecot.org
Mon Dec 10 15:58:32 EET 2007
details: http://hg.dovecot.org/dovecot/rev/d7a48bf83a0e
changeset: 6991:d7a48bf83a0e
user: Timo Sirainen <tss at iki.fi>
date: Mon Dec 10 15:58:27 2007 +0200
description:
Don't use empty setgroups() list to drop groups. It doesn't work at least
with OSX.
diffstat:
1 file changed, 8 insertions(+), 4 deletions(-)
src/lib/restrict-access.c | 12 ++++++++----
diffs (36 lines):
diff -r e43c4db35e94 -r d7a48bf83a0e src/lib/restrict-access.c
--- a/src/lib/restrict-access.c Mon Dec 10 13:21:30 2007 +0200
+++ b/src/lib/restrict-access.c Mon Dec 10 15:58:27 2007 +0200
@@ -93,7 +93,7 @@ static gid_t get_group_id(const char *na
return group->gr_gid;
}
-static void fix_groups_list(const char *extra_groups,
+static void fix_groups_list(const char *extra_groups, gid_t egid,
bool preserve_existing, bool *have_root_group)
{
gid_t *gid_list;
@@ -112,8 +112,11 @@ static void fix_groups_list(const char *
return;
}
} else {
- gid_list = t_new(gid_t, 1);
- gid_count = 0;
+ /* Some OSes don't like an empty groups list,
+ so use the effective GID as the only one. */
+ gid_list = t_new(gid_t, 2);
+ gid_list[0] = egid;
+ gid_count = 1;
}
/* add extra groups to gids list */
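Review bot: The fallback branch stores `gid_list[0] = egid` without checking the value, so a GID of 0 would land in the supplementary list here. If `*have_root_group` is only updated by the extra-groups loop that follows (outside this hunk), it would not reflect that entry. If the caller does not already account for this, something like `if (egid == 0) *have_root_group = TRUE;` beside the assignment would keep the flag and the list in step. Separately, `t_new(gid_t, 2)` reserves two slots while only one is filled, so a short comment such as `/* second slot: <reason> */` would tell the next reader whether the later code depends on it. The body of fix_groups_list starts and ends outside the hunk.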
@@ -169,7 +172,8 @@ void restrict_access_by_env(bool disallo
env = getenv("RESTRICT_SETEXTRAGROUPS");
if (is_root) {
T_FRAME(
- fix_groups_list(env, preserve_groups, &have_root_group);
+ fix_groups_list(env, gid, preserve_groups,
+ &have_root_group);
);
}
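Review bot: The call passes `gid` for the parameter that fix_groups_list documents as the effective GID, but where `gid` gets its value is outside this hunk. If it can hold a placeholder (zero or an "unset" marker) when no group change was configured, that placeholder becomes the sole supplementary group; for 0 this would keep the root group instead of dropping it. If that case is reachable, fall back to the real value at the call, e.g. `fix_groups_list(env, gid_is_set ? gid : getegid(), preserve_groups, &have_root_group);`, where `gid_is_set` stands for whatever test the surrounding code uses. A one-line comment here stating which GID is passed, and why, would also help. restrict_access_by_env continues outside the hunk.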