From 30ac0cb6ccf032c44c08beda24a3d23472cb4f1a Mon Sep 17 00:00:00 2001 From: "Eric S. Raymond" Date: Fri, 18 Oct 1996 15:46:18 +0000 Subject: Use seteuid(2) during MDA execution. svn path=/trunk/; revision=346 --- NEWS | 6 +++++- configure.in | 2 +- driver.c | 19 ++++++++++++++++++- fetchmail.man | 3 ++- 4 files changed, 26 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index 965714b7..3cde1fb0 100644 --- a/NEWS +++ b/NEWS @@ -6,7 +6,7 @@ features -- * POP3 UID support really works now. I make rude noises at the POP3 mavens who forced us to this with RFC1725, but thank Al Longyear - for fixing and verifying my slightly buggy implemntation. + for fixing and verifying my slightly buggy implementation. * Kerberos support ditto. Thanks to Chris Hanson for this feature. @@ -22,6 +22,10 @@ features -- * You may use C-like escapes to embed non-printables in passwords and other strings. Fetchmail -V will display them in a printable form. +* Program now tries to set itself to the ID of the local user before + running an MDA, and reset to root afterwards. This will work on + any system with seteuid(2), including Linux and the BSDs. + bugs -- * Default user name to deliver to is now the calling user, unless diff --git a/configure.in b/configure.in index d9a0aa55..736068cd 100644 --- a/configure.in +++ b/configure.in @@ -61,7 +61,7 @@ dnl All AC_CHECK_FUNCs must precede the following AC_SUBSTs AC_SUBST(EXTRASRC) AC_SUBST(EXTRAOBJ) -AC_CHECK_FUNCS(tcsetattr stty setsid rresvport) +AC_CHECK_FUNCS(tcsetattr stty setsid seteuid rresvport) dnl AC_FUNC_SETVBUF_REVERSED diff --git a/driver.c b/driver.c index dd815041..dec8e7e8 100644 --- a/driver.c +++ b/driver.c 
@@ -652,8 +652,25 @@ struct method *proto; /* protocol method table */ /* open the delivery pipe now if we're using an MDA */ if (queryctl->mda[0]) - if ((mboxfd = openmailpipe(queryctl)) < 0) + { +#ifdef HAVE_SETEUID + /* + * Arrange to run with user's permissions if we're root. + * This will initialize the ownership of any files the + * MDA creates properly. (The seteuid call is available + * under all BSDs and Linux) + */ + seteuid(queryctl->uid); +#endif /* HAVE_SETEUID */ + mboxfd = openmailpipe(queryctl); +#ifdef HAVE_SETEUID + /* this will fail quietly if we didn't start as root */ + seteuid(0); +#endif /* HAVE_SETEUID */ + + if (mboxfd < 0) goto cleanUp; + } /* read the message and ship it to the output sink */ ok = gen_readmsg(socket, mboxfd, diff --git a/fetchmail.man b/fetchmail.man index 15df5fb8..f60574e7 100644 --- a/fetchmail.man +++ b/fetchmail.man @@ -74,7 +74,8 @@ Some possible MDAs are "/usr/sbin/sendmail -oem %s", "/usr/lib/sendmail -oem %s", "/usr/bin/formail", and "/usr/bin/deliver %s" (if the MDA command contains %s, that escape will be expanded into your username on the client -machine). +machine). If \fIfetchmail\fR is running as root, it sets its userid to +that of the target user while delivering mail through an MDA. .TP .B \-F, --flush POP3/IMAP only. Delete old (previously retrieved) messages from the mailserver -- cgit v1.2.3
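Review bot: The return value of `seteuid(queryctl->uid)` is ignored, so if the call fails while fetchmail is root, `openmailpipe()` still starts the MDA with root's effective uid and the intended privilege drop silently does not happen. Guard the call and bail out through the label the hunk already uses, e.g. `if (geteuid() == 0 && seteuid(queryctl->uid) != 0) goto cleanUp;`, which leaves the non-root case unchanged. Note too that seteuid() changes only the effective uid: the real and saved uids stay 0 and the group ids are untouched, so the MDA child (created inside openmailpipe(), which is outside this hunk) still inherits root's real/saved uid and groups, and a shell that resets euid to ruid when they differ would presumably undo the drop. A full drop in the child before exec (supplementary groups, gid, then uid) would close that gap; at minimum the comment above the call should state the limit, e.g. `/* only the effective uid changes; the MDA still inherits real/saved uid 0 and root's groups */`. The enclosing function starts and ends outside the hunk.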