aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPaul Rodger <paul@paulrodger.com>2002-09-16 11:35:03 +0000
committerPaul Rodger <paul@paulrodger.com>2002-09-16 11:35:03 +0000
commitbaeb03abd4406b90ca715ecd4e69ae61aed26134 (patch)
treeae71067588a61f57cf2c7f71e0d72c0e3387041d
parent3939c4851857a3691ea7d6689009d633769af642 (diff)
downloadarchivemail-baeb03abd4406b90ca715ecd4e69ae61aed26134.tar.gz
archivemail-baeb03abd4406b90ca715ecd4e69ae61aed26134.tar.bz2
archivemail-baeb03abd4406b90ca715ecd4e69ae61aed26134.zip
If we are running as root we setuid() to the user who owns the mailbox. But I
forgot to make sure we create our temporary container directory as that user too.
-rwxr-xr-xarchivemail.py29
1 files changed, 15 insertions, 14 deletions
diff --git a/archivemail.py b/archivemail.py
index ea7c5e5..0706ef5 100755
--- a/archivemail.py
+++ b/archivemail.py
@@ -943,17 +943,6 @@ def archive(mailbox_name):
os.path.basename(final_archive_name))
vprint("archiving '%s' to '%s' ..." % (mailbox_name, final_archive_name))
- # create a temporary directory for us to work in securely
- old_temp_dir = tempfile.tempdir
- tempfile.tempdir = None
- new_temp_dir = tempfile.mktemp('archivemail')
- assert(new_temp_dir)
- os.mkdir(new_temp_dir)
- _stale.temp_dir = new_temp_dir
- tempfile.tempdir = new_temp_dir
-
- vprint("set tempfile directory to '%s'" % new_temp_dir)
-
# check to see if we are running as root -- if so, change our effective
# userid and groupid to that of the original mailbox
if (os.getuid() == 0) and os.path.exists(mailbox_name):
@@ -964,6 +953,16 @@ def archive(mailbox_name):
vprint("changing effective user id to: %d" % mailbox_user)
os.seteuid(mailbox_user)
+ # create a temporary directory for us to work in securely
+ old_temp_dir = tempfile.tempdir
+ tempfile.tempdir = None
+ new_temp_dir = tempfile.mktemp('archivemail')
+ assert(new_temp_dir)
+ os.mkdir(new_temp_dir)
+ _stale.temp_dir = new_temp_dir
+ tempfile.tempdir = new_temp_dir
+ vprint("set tempfile directory to '%s'" % new_temp_dir)
+
if os.path.islink(mailbox_name):
unexpected_error("'%s' is a symbolic link -- I feel nervous!" %
mailbox_name)
@@ -982,14 +981,16 @@ def archive(mailbox_name):
else:
user_error("'%s': no such file or directory" % mailbox_name)
+ # remove our special temp directory - hopefully empty
+ os.rmdir(new_temp_dir)
+ _stale.temp_dir = None
+ tempfile.tempdir = old_temp_dir
+
# if we are running as root, revert the seteuid()/setegid() above
if (os.getuid() == 0):
vprint("changing effective groupid and userid back to root")
os.setegid(0)
os.seteuid(0)
- os.rmdir(new_temp_dir)
- _stale.temp_dir = None
- tempfile.tempdir = old_temp_dir
def _archive_mbox(mailbox_name, final_archive_name):