#18 gid drop not working...

closed
None
5
2002-08-30
2002-08-02
No

Hi guys. I'm sorry I didn't do a patch to fix this, but it's a
pretty simple fix. Basically, your new logic for dropping
UID and GID is a little broken. When you do your drop,
you first drop UID and then drop GID. Well, once you are
no longer UID 0, you can't drop your GID :-)

Easy fix: On or around line 606 of AMAVIS.pm, switch
the "if" statements for UID drop and GID drop so that the
GID drop happens first. I.e...

if (defined $cfg_uid) {
writelog($args,LOG_DEBUG,__PACKAGE__.":
Dropping UID");
$>=$cfg_uid;
if ($> != $cfg_uid) {
writelog($args,LOG_ERR, __PACKAGE__.":
Can't drop UID to $cfg_uid");
die;
}
}
if (defined $cfg_gid) {
writelog($args,LOG_DEBUG,__PACKAGE__.":
Dropping GID");
$)=$cfg_gid;
if ($) != $cfg_gid) {
writelog($args,LOG_ERR, __PACKAGE__.":
Can't drop GID to $cfg_gid");
die;
}
}

to....

if (defined $cfg_gid) {
writelog($args,LOG_DEBUG,__PACKAGE__.":
Dropping GID");
$)=$cfg_gid;
if ($) != $cfg_gid) {
writelog($args,LOG_ERR, __PACKAGE__.":
Can't drop GID to $cfg_gid");
die;
}
}
if (defined $cfg_uid) {
writelog($args,LOG_DEBUG,__PACKAGE__.":
Dropping UID");
$>=$cfg_uid;
if ($> != $cfg_uid) {
writelog($args,LOG_ERR, __PACKAGE__.":
Can't drop UID to $cfg_uid");
die;
}
}

A simple swap.

Discussion

  • Lars Hecking

    Lars Hecking - 2002-08-02

    Logged In: YES
    user_id=28904

    I would appreciate if you could state clearly which version
    of amavis your
    patches are for.

     
  • Kendrick Vargas

    Kendrick Vargas - 2002-08-02

    Logged In: YES
    user_id=33926

    Damnit, I suppose I should've submitted this on the bugs
    section.

    Sorry.

    This was for amavis-ng-0.1.4... Late night perl hacking always
    makes me think that people can read my mind :-) Actually, I'd
    never hacked perl before, so maybe that was part of the
    problem.

     
  • Lars Hecking

    Lars Hecking - 2002-08-02
    • assigned_to: nobody --> bengen
     
  • Anonymous - 2002-08-02

    Logged In: YES
    user_id=58184

    Thanks, I had noticed this. Will be fixed in next version.

     
  • Anonymous - 2002-08-30
    • status: open --> closed
     

Log in to post a comment.