dovecot-2.0: lda: Fixed binary setuid-checking.
dovecot at dovecot.org
dovecot at dovecot.org
Tue Oct 27 19:11:00 EET 2009
details: http://hg.dovecot.org/dovecot-2.0/rev/13b3a3ce892c
changeset: 10205:13b3a3ce892c
user: Timo Sirainen <tss at iki.fi>
date: Tue Oct 27 13:10:54 2009 -0400
description:
lda: Fixed binary setuid-checking.
diffstat:
1 file changed, 1 insertion(+), 1 deletion(-)
src/lda/main.c | 2 +-
diffs (12 lines):
diff -r b55afe3e957c -r 13b3a3ce892c src/lda/main.c
--- a/src/lda/main.c Tue Oct 27 12:16:42 2009 -0400
+++ b/src/lda/main.c Tue Oct 27 13:10:54 2009 -0400
@@ -274,7 +274,7 @@ int main(int argc, char *argv[])
fprintf(stderr, "stat(%s) failed: %s\n",
argv[0], strerror(errno));
return EX_TEMPFAIL;
- } else if ((st.st_mode & 1) != 0) {
+ } else if ((st.st_mode & 1) != 0 && (st.st_mode & 04000) != 0) {
fprintf(stderr, "%s must not be both world-executable "
"and setuid-root. This allows root exploits. "
"See http://wiki.dovecot.org/LDA#multipleuids\n",
More information about the dovecot-cvs
mailing list