dovecot-2.0: master: Set RESTRICT_* environment even when drop_p...
dovecot at dovecot.org
dovecot at dovecot.org
Fri Aug 20 20:19:58 EEST 2010
details: http://hg.dovecot.org/dovecot-2.0/rev/77a043a1ddb5
changeset: 12016:77a043a1ddb5
user: Timo Sirainen <tss at iki.fi>
date: Fri Aug 20 18:18:01 2010 +0100
description:
master: Set RESTRICT_* environment even when drop_priv_before_exec=yes
Otherwise the executed process could still try to drop some of the
privileges (groups).
diffstat:
src/master/service-process.c | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diffs (16 lines):
diff -r 892f0db489cd -r 77a043a1ddb5 src/master/service-process.c
--- a/src/master/service-process.c Fri Aug 20 16:14:19 2010 +0100
+++ b/src/master/service-process.c Fri Aug 20 18:18:01 2010 +0100
@@ -166,11 +166,10 @@
}
rset.extra_groups = service->extra_gids;
+ restrict_access_set_env(&rset);
if (service->set->drop_priv_before_exec) {
disallow_root = service->type == SERVICE_TYPE_LOGIN;
restrict_access(&rset, NULL, disallow_root);
- } else {
- restrict_access_set_env(&rset);
}
}
More information about the dovecot-cvs
mailing list