dovecot-1.2: deliver: Don't allow running as setuid-root if worl...
dovecot at dovecot.org
Fri Jan 16 00:14:34 EET 2009
details: http://hg.dovecot.org/dovecot-1.2/rev/557cc9cf7d5f
changeset: 8637:557cc9cf7d5f
user: Timo Sirainen <tss at iki.fi>
date: Thu Jan 15 17:14:29 2009 -0500
description:
deliver: Don't allow running as setuid-root if world can execute the binary.
diffstat:
1 file changed, 18 insertions(+)
src/deliver/deliver.c | 18 ++++++++++++++++++
diffs (28 lines):
diff -r 11e18a303661 -r 557cc9cf7d5f src/deliver/deliver.c
--- a/src/deliver/deliver.c Thu Jan 15 16:23:59 2009 -0500
+++ b/src/deliver/deliver.c Thu Jan 15 17:14:29 2009 -0500
@@ -833,6 +833,24 @@ int main(int argc, char *argv[])
int i, ret;
pool_t userdb_pool = NULL;
string_t *str;
+
+ if (getuid() != geteuid() && geteuid() == 0) {
+ /* running setuid - don't allow this if deliver is
+ executable by anyone */
+ struct stat st;
+
+ if (stat(argv[0], &st) < 0) {
+ fprintf(stderr, "stat(%s) failed: %s\n",
+ argv[0], strerror(errno));
+ return EX_CONFIG;
+ } else if ((st.st_mode & 1) != 0) {
+ fprintf(stderr, "%s must not be both world-executable "
+ "and setuid-root. This allows root exploits. "
+ "See http://wiki.dovecot.org/LDA#multipleuids\n",
+ argv[0]);
+ return EX_CONFIG;
+ }
+ }
i_set_failure_exit_callback(failure_exit_callback);
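Review bot: The stat(argv[0], &st) call in the new setuid block checks whatever path the invoking process put in argv[0], which is not guaranteed to be the binary actually running. The caller chooses argv[0], and a bare name resolved through PATH is looked up relative to the current directory here, so the check can either fail with EX_CONFIG on a correctly installed binary or pass on an unrelated file. Consider checking the real executable instead, for example a compiled-in install path or the platform's handle to the running image. Separately, (st.st_mode & 1) would read better as (st.st_mode & S_IXOTH). The error text would also be more actionable if it named the fix, such as removing world-execute and restricting the binary to a trusted group.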