masqmail

diff src/log.c @ 331:e507c854a63e

find changesets by author, revision, files, or words in the commit message
Security fix! Correct handling of seteuid() return value See Debian bug #638002, reported by John Lightsey. When possible the (already available) set_euidgid() function is used. Additionally, it is unnecessary to change the identity when writing into an already open file descriptor. This should fix the problem.
author markus schnalke <meillo@marmaro.de>
date Sat, 27 Aug 2011 16:19:07 +0200
parents f671821d8222
children b27f66555ba8
line diff
     1.1 --- a/src/log.c	Wed Jul 13 10:30:52 2011 +0200
     1.2 +++ b/src/log.c	Sat Aug 27 16:19:07 2011 +0200
     1.3 @@ -65,8 +65,9 @@
     1.4  		uid_t saved_uid;
     1.5  		gid_t saved_gid;
     1.6  
     1.7 -		saved_gid = setegid(conf.mail_gid);
     1.8 -		saved_uid = seteuid(conf.mail_uid);
     1.9 +		if (!conf.run_as_user) {
    1.10 +			set_euidgid(conf.mail_uid, conf.mail_gid, &saved_uid, &saved_gid);
    1.11 +		}
    1.12  
    1.13  		filename = g_strdup_printf("%s/masqmail.log", conf.log_dir);
    1.14  		logfile = fopen(filename, "a");
    1.15 @@ -76,8 +77,9 @@
    1.16  		}
    1.17  		g_free(filename);
    1.18  
    1.19 -		seteuid(saved_uid);
    1.20 -		setegid(saved_gid);
    1.21 +		if (!conf.run_as_user) {
    1.22 +			set_euidgid(saved_uid, saved_gid, NULL, NULL);
    1.23 +		}
    1.24  	}
    1.25  
    1.26  #ifdef ENABLE_DEBUG
    1.27 @@ -114,35 +116,26 @@
    1.28  		va_copy(args_copy, args);
    1.29  		vfprintf(stdout, fmt, args_copy);
    1.30  		va_end(args_copy);
    1.31 -		fflush(stdout);  /* is this necessary? */
    1.32 +		fflush(stdout);  /* in case output ends not with newline */
    1.33  	}
    1.34  
    1.35  	pri &= ~LOG_VERBOSE;
    1.36 -	if (pri) {
    1.37 -		if (conf.use_syslog)
    1.38 -			vsyslog(pri, fmt, args);
    1.39 -		else {
    1.40 -			if (pri <= conf.log_max_pri) {
    1.41 -				FILE *file = logfile ? logfile : stderr;
    1.42 -				time_t now = time(NULL);
    1.43 -				struct tm *t = localtime(&now);
    1.44 -				gchar buf[24];
    1.45 -				uid_t saved_uid;
    1.46 -				gid_t saved_gid;
    1.47 +	if (!pri) {
    1.48 +		return;
    1.49 +	}
    1.50 +	if (conf.use_syslog)
    1.51 +		vsyslog(pri, fmt, args);
    1.52 +	else if (pri <= conf.log_max_pri) {
    1.53 +		FILE *file = logfile ? logfile : stderr;
    1.54 +		time_t now = time(NULL);
    1.55 +		struct tm *t = localtime(&now);
    1.56 +		gchar buf[24];
    1.57  
    1.58 -				saved_gid = setegid(conf.mail_gid);
    1.59 -				saved_uid = seteuid(conf.mail_uid);
    1.60 +		strftime(buf, 24, "%Y-%m-%d %H:%M:%S", t);
    1.61 +		fprintf(file, "%s [%d] ", buf, getpid());
    1.62  
    1.63 -				strftime(buf, 24, "%Y-%m-%d %H:%M:%S", t);
    1.64 -				fprintf(file, "%s [%d] ", buf, getpid());
    1.65 -
    1.66 -				vfprintf(file, fmt, args);
    1.67 -				fflush(file);
    1.68 -
    1.69 -				seteuid(saved_uid);
    1.70 -				setegid(saved_gid);
    1.71 -			}
    1.72 -		}
    1.73 +		vfprintf(file, fmt, args);
    1.74 +		fflush(file);
    1.75  	}
    1.76  }
    1.77