dovecot-1.3: restrict-access: More fixes to root checking.

dovecot at dovecot.org dovecot at dovecot.org
Fri Apr 10 02:08:15 EEST 2009


details:   http://hg.dovecot.org/dovecot-1.3/rev/095837e6c073
changeset: 9052:095837e6c073
user:      Timo Sirainen <tss at iki.fi>
date:      Thu Apr 09 18:41:13 2009 -0400
description:
restrict-access: More fixes to root checking.

diffstat:

2 files changed, 10 insertions(+), 10 deletions(-)
src/lib/restrict-access.c |   18 +++++++++---------
src/lib/restrict-access.h |    2 +-

diffs (59 lines):

diff -r 1320550c00a2 -r 095837e6c073 src/lib/restrict-access.c
--- a/src/lib/restrict-access.c	Thu Apr 09 18:31:53 2009 -0400
+++ b/src/lib/restrict-access.c	Thu Apr 09 18:41:13 2009 -0400
@@ -225,7 +225,7 @@ static void fix_groups_list(const struct
 }
 
 void restrict_access(const struct restrict_access_settings *set,
-		     const char *home)
+		     const char *home, bool disallow_root)
 {
 	bool is_root, have_root_group, preserve_groups = FALSE;
 	bool allow_root_gid;
@@ -297,9 +297,14 @@ void restrict_access(const struct restri
 	}
 
 	/* verify that we actually dropped the privileges */
-	if (set->uid != (uid_t)-1 && set->uid != 0) {
-		if (setuid(0) == 0)
+	if (set->uid != 0 || disallow_root) {
+		if (setuid(0) == 0) {
+			if (disallow_root &&
+			    (set->uid == 0 || set->uid == (uid_t)-1))
+				i_fatal("This process must not be run as root");
+
 			i_fatal("We couldn't drop root privileges");
+		}
 	}
 
 	if (set->first_valid_gid != 0)
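Review bot: The rewritten outer condition now enters the verification when `set->uid` is `(uid_t)-1` and `disallow_root` is false, a case the removed line deliberately excluded; if no uid change was requested and the process is root, `setuid(0)` succeeds and the process dies with "We couldn't drop root privileges" even though nothing was supposed to be dropped. The `(uid_t)-1` sentinel is still treated as "no uid configured" two lines later in the inner test, so the outer test should keep it as well: `if ((set->uid != (uid_t)-1 && set->uid != 0) || disallow_root) {`. Note also that after a successful `setuid(0)` the process is root again by the time `i_fatal()` runs, which is only safe if `i_fatal()` never returns — presumably the case, but not visible here. `restrict_access()` begins before this hunk and continues after it.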
@@ -381,16 +386,11 @@ void restrict_access_by_env(const char *
 	if ((value = getenv("RESTRICT_GID_LAST")) != NULL)
 		set.last_valid_gid = (gid_t)strtol(value, NULL, 10);
 
-	if (disallow_root) {
-		if (set.uid == (uid_t)-1 || set.uid == 0)
-			i_fatal("This process must not be run as root");
-	}
-
 	set.extra_groups = null_if_empty(getenv("RESTRICT_SETEXTRAGROUPS"));
 	set.system_groups_user = null_if_empty(getenv("RESTRICT_USER"));
 	set.chroot_dir = null_if_empty(getenv("RESTRICT_CHROOT"));
 
-	restrict_access(&set, home);
+	restrict_access(&set, home, disallow_root);
 
 	/* clear the environment, so we don't fail if we get back here */
 	env_remove("RESTRICT_SETUID");
diff -r 1320550c00a2 -r 095837e6c073 src/lib/restrict-access.h
--- a/src/lib/restrict-access.h	Thu Apr 09 18:31:53 2009 -0400
+++ b/src/lib/restrict-access.h	Thu Apr 09 18:41:13 2009 -0400
@@ -28,7 +28,7 @@ void restrict_access_init(struct restric
 /* Restrict access as specified by the settings. If home is not NULL,
    it's chdir()ed after chrooting, otherwise it chdirs to / (the chroot). */
 void restrict_access(const struct restrict_access_settings *set,
-		     const char *home);
+		     const char *home, bool disallow_root);
 /* Set environment variables so they can be read with
    restrict_access_by_env(). */
 void restrict_access_set_env(const struct restrict_access_settings *set);
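Review bot: The comment above the prototype still describes only `home`; the new `disallow_root` parameter is undocumented even though it changes when the function aborts. Based on the check in restrict-access.c, I would add to that comment: `If disallow_root is TRUE, it's fatal if the process still has (or can regain) root privileges afterwards, i.e. set->uid is 0 or left unset.`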

