Josip Rodin writes:

On Wed, Jan 13, 2010 at 07:13:38AM -0500, Sam Varshavchik wrote:
Maybe, maybe not. Instead of invoking 'id' as a child process of maildrop, try just having maildrop deliver a test message to a new mailbox, and see what the ownership of the new file becomes.

That part is fine, it sets the group to mail on newly-created mailboxes.

But at the same time this maildrop is able to deliver mails to existing
files whose group is set to "root" and are group-writable. I created an
empty file owned by root:root mode 660 and 'maildrop -d testmaildrop'
successfully wrote to it. That side-effect is not supposed to happen.

Let's try the following patch. I do appreciate your help in testing it. It's not easy for me to test all possible permutations of distro-specific configurations, and platform-specific nuances, that float around.


diff -U3 -r1.58 main.C
--- maildrop/main.C     13 Jan 2010 01:32:02 -0000      1.58
+++ maildrop/main.C     14 Jan 2010 00:41:13 -0000
@@ -564,6 +564,8 @@

#if     RESET_GID
        setgroupid(getgid());
+#else
+       setgroupid(getegid());
#endif

uid_t   my_u=getuid();
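
Review bot: the new `#else` branch calls `setgroupid(getegid());` with no comment saying why the effective gid must be re-applied when RESET_GID is off, and nothing in the hunk shows that the result of the call is checked. Suggest a one-line comment above the added call stating the intent (the report in this thread is delivery into a root:root mode 660 file). It is also worth confirming that setgroupid() drops the supplementary group list as well as setting the gid, and that it aborts delivery if the change does not take effect, since a silent failure at this point would leave the unwanted group access in place.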
