
diff src/masqmail.c @ 331:e507c854a63e

Security fix! Correct handling of the seteuid() return value. See Debian bug #638002, reported by John Lightsey. Where possible the (already available) set_euidgid() function is used. Additionally, it is unnecessary to change the identity when writing into an already open file descriptor. This should fix the problem.
author markus schnalke <meillo@marmaro.de>
date Sat, 27 Aug 2011 16:19:07 +0200
parents f10a56dc7481
children b45dc53f2829
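--- a/src/masqmail.c
+++ b/src/masqmail.c
@@ -61,8 +61,10 @@
 	sigterm_in_progress = 1;
 
 	if (pidfile) {
-		uid_t uid;
-		uid = seteuid(0);
+		uid_t uid = geteuid();
+		if (seteuid(0) != 0) {
+			logwrite(LOG_ALERT, "sigterm_handler: could not set euid to %d: %s\n", 0, strerror(errno));
+		}
 		if (unlink(pidfile) != 0)
 			logwrite(LOG_WARNING, "could not delete pid file %s: %s\n", pidfile, strerror(errno));
 		seteuid(uid);  /* we exit anyway after this, just to be sure */
@@ -187,8 +189,7 @@
 	conf.do_verbose = FALSE;
 
 	if (!conf.run_as_user) {
-		seteuid(conf.orig_uid);
-		setegid(conf.orig_gid);
+		set_euidgid(conf.orig_uid, conf.orig_gid, NULL, NULL);
 	}
 
 	DEBUG(5) debugf("accepting smtp message on stdin\n");
@@ -217,8 +218,7 @@
 	}
 
 	if (!conf.run_as_user) {
-		seteuid(conf.orig_uid);
-		setegid(conf.orig_gid);
+		set_euidgid(conf.orig_uid, conf.orig_gid, NULL, NULL);
 	}
 
 	DEBUG(5) debugf("accepting message on stdin\n");
@@ -647,10 +647,15 @@
 	 */
 	if ((strcmp(conf_file, CONF_FILE) != 0) && (conf.orig_uid != 0)) {
 		conf.run_as_user = TRUE;
-		seteuid(conf.orig_uid);
-		setegid(conf.orig_gid);
-		setuid(conf.orig_uid);
-		setgid(conf.orig_gid);
+		set_euidgid(conf.orig_uid, conf.orig_gid, NULL, NULL);
+		if (setgid(conf.orig_gid)) {
+			logwrite(LOG_ALERT, "could not set gid to %d: %s\n", conf.orig_gid, strerror(errno));
+			exit(1);
+		}
+		if (setuid(conf.orig_uid)) {
+			logwrite(LOG_ALERT, "could not set uid to %d: %s\n", conf.orig_uid, strerror(errno));
+			exit(1);
+		}
 	}
 
 	conf.log_dir = LOG_DIR;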
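Review bot: The permanent privilege drop in the last hunk is probably still not permanent, because `set_euidgid(conf.orig_uid, conf.orig_gid, NULL, NULL)` lowers the effective ids before `setgid()`/`setuid()` run, and for a caller whose effective uid is no longer 0 those two calls change only the effective ids and leave the saved set-user-ID and set-group-ID untouched (presumably 0 in a set-uid-root installation — confirm), so the process keeps the ability to restore the privileged ids; the old code had the same ordering, so the commit does not address it. Drop the preceding `set_euidgid()` call so that `setgid()` and `setuid()` execute while the effective uid is still 0 (which makes them reset real, effective and saved ids), and verify afterwards that the drop cannot be undone, as below. The two new logwrite calls in this hunk pass `conf.orig_gid` and `conf.orig_uid` to `%d`, but gid_t/uid_t are unsigned on glibc, so use `%u` or cast the values to `(int)`. The enclosing function of this hunk starts and ends outside it.
```c
	if ((strcmp(conf_file, CONF_FILE) != 0) && (conf.orig_uid != 0)) {
		conf.run_as_user = TRUE;
		/* no set_euidgid() here: setgid()/setuid() only reset the saved
		   ids when called with effective uid 0; setgid() must come first */
		/* … unchanged: setgid()/setuid() calls with their logwrite/exit checks … */
		/* make sure the drop is irrevocable (CERT POS37-C) */
		if (seteuid(0) == 0) {
			logwrite(LOG_ALERT, "privileged uid could be restored after setuid(); aborting\n");
			exit(1);
		}
	}
```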