author | Paul Rodger <paul@paulrodger.com> | 2002-09-16 11:35:03 +0000 |
---|---|---|
committer | Paul Rodger <paul@paulrodger.com> | 2002-09-16 11:35:03 +0000 |
commit | baeb03abd4406b90ca715ecd4e69ae61aed26134 (patch) | |
tree | ae71067588a61f57cf2c7f71e0d72c0e3387041d | |
parent | 3939c4851857a3691ea7d6689009d633769af642 (diff) | |
If we are running as root we setuid() to the user who owns the mailbox. But I
forgot to make sure we create our temporary container directory as that user
too.
-rwxr-xr-x | archivemail.py | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/archivemail.py b/archivemail.py
index ea7c5e5..0706ef5 100755
--- a/archivemail.py
+++ b/archivemail.py
@@ -943,17 +943,6 @@ def archive(mailbox_name):
 os.path.basename(final_archive_name))
 vprint("archiving '%s' to '%s' ..." % (mailbox_name, final_archive_name))

- # create a temporary directory for us to work in securely
- old_temp_dir = tempfile.tempdir
- tempfile.tempdir = None
- new_temp_dir = tempfile.mktemp('archivemail')
- assert(new_temp_dir)
- os.mkdir(new_temp_dir)
- _stale.temp_dir = new_temp_dir
- tempfile.tempdir = new_temp_dir
-
- vprint("set tempfile directory to '%s'" % new_temp_dir)
-
 # check to see if we are running as root -- if so, change our effective
 # userid and groupid to that of the original mailbox
 if (os.getuid() == 0) and os.path.exists(mailbox_name):
@@ -964,6 +953,16 @@ def archive(mailbox_name):
 vprint("changing effective user id to: %d" % mailbox_user)
 os.seteuid(mailbox_user)

+ # create a temporary directory for us to work in securely
+ old_temp_dir = tempfile.tempdir
+ tempfile.tempdir = None
+ new_temp_dir = tempfile.mktemp('archivemail')
+ assert(new_temp_dir)
+ os.mkdir(new_temp_dir)
+ _stale.temp_dir = new_temp_dir
+ tempfile.tempdir = new_temp_dir
+ vprint("set tempfile directory to '%s'" % new_temp_dir)
+
 if os.path.islink(mailbox_name):
 unexpected_error("'%s' is a symbolic link -- I feel nervous!" %
 mailbox_name)
@@ -982,14 +981,16 @@ def archive(mailbox_name):
 else:
 user_error("'%s': no such file or directory" % mailbox_name)

+ # remove our special temp directory - hopefully empty
+ os.rmdir(new_temp_dir)
+ _stale.temp_dir = None
+ tempfile.tempdir = old_temp_dir
+
 # if we are running as root, revert the seteuid()/setegid() above
 if (os.getuid() == 0):
 vprint("changing effective groupid and userid back to root")
 os.setegid(0)
 os.seteuid(0)
- os.rmdir(new_temp_dir)
- _stale.temp_dir = None
- tempfile.tempdir = old_temp_dir


 def _archive_mbox(mailbox_name, final_archive_name): |
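Review bot: The `os.mkdir(new_temp_dir)` call added in the second hunk (`@@ -964,6 +953,16 @@`) passes no mode, so the directory's permissions are left to the process umask; under a common umask of 022 other local users could list and enter the directory that will hold the mail being archived. Pass an explicit mode, `os.mkdir(new_temp_dir, 0700)`, so the directory is private whatever the umask is. `tempfile.mktemp()` only returns a name, and it is `os.mkdir` failing on an existing path that guards against a pre-created entry, so the comment above the block should say that; `assert(new_temp_dir)` is stripped under `-O` and should not be relied on as a check. archive() starts and ends outside the hunk.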
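Review bot: In the third hunk (`@@ -982,14 +981,16 @@`) `os.rmdir(new_temp_dir)` now runs before the effective ids are reverted and nothing guards it: if the directory is not empty (the comment says only "hopefully empty") the resulting OSError skips `tempfile.tempdir = old_temp_dir` and the `os.setegid(0)`/`os.seteuid(0)` revert below it. The `user_error(...)` branch just above presumably exits too, so cleanup on that path depends on whatever consumes `_stale.temp_dir`, which is not visible here. Consider putting the archiving calls and this cleanup in a `try`/`finally` so the tempdir setting and the ids are always restored, and state in the comment what is expected to happen when the directory is not empty. archive() starts outside the hunk.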