Re: [Dovecot] convert plugin fails - drops root privileges then tries to create file in /

2008-01-17 Thread Charles Marcus

On 1/16/2008, Mikel Ward ([EMAIL PROTECTED]) wrote:

> I'm running dovecot-1.0-1.2.rc15.el5 on CentOS 5.


This is old and pre-release... upgrade please...


[Dovecot] convert plugin fails - drops root privileges then tries to create file in /

2008-01-16 Thread Mikel Ward
Hi

I just tried to run the convert plugin as described at
http://wiki.dovecot.org/Plugins/Convert

(except with mail_location = maildir:~/Mail)

It fails with an error message:
Eopen(/.temp.falcon.endbracket.net.18618.8d5e0a038da6cf06) failed:
Permission denied
Error: imap dump-capability process returned 89

It looks like Dovecot execs /usr/libexec/dovecot/imap, which drops root
privileges (probably via get_imap_capability) and then
loads /usr/lib/dovecot/imap/lib01_convert_plugin.so. The plugin then tries to
create a file in the root directory, where the process, having dropped
root privileges, has no write permission.

I'm running dovecot-1.0-1.2.rc15.el5 on CentOS 5.

If I change the paths from ~ to /home/%u, I get this error message (note
that %u has expanded to "dump-capability" rather than a real user name):
Emkdir_parents(/home/dump-capability/mail) failed: Permission denied
execve(/usr/sbin/dovecot, [/usr/sbin/dovecot], [/* 16 vars */]) = 0
brk(0)  = 0x8d46000
access(/etc/ld.so.preload, R_OK)  = -1 ENOENT (No such file or directory)
open(/etc/ld.so.cache, O_RDONLY)  = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=21917, ...}) = 0
mmap2(NULL, 21917, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f22000
close(3)= 0
open(/lib/libc.so.6, O_RDONLY)= 3
read(3, 
\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\_\227\0004\0\0\0..., 512) = 
512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1589908, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0xb7f21000
mmap2(0x96, 1308068, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) 
= 0x96
mmap2(0xa9a000, 12288, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13a) = 0xa9a000
mmap2(0xa9d000, 9636, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xa9d000
close(3)= 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0xb7f2
set_thread_area({entry_number:-1 - 6, base_addr:0xb7f206c0, limit:1048575, 
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, 
useable:1}) = 0
mprotect(0xa9a000, 8192, PROT_READ) = 0
mprotect(0x95c000, 4096, PROT_READ) = 0
munmap(0xb7f22000, 21917)   = 0
time(NULL)  = 1200536192
brk(0)  = 0x8d46000
brk(0x8d6f000)  = 0x8d6f000
uname({sys=Linux, node=falcon.endbracket.net, ...}) = 0
getpid()= 13747
geteuid32() = 0
open(/etc/dovecot.conf, O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=665, ...}) = 0
pread64(3, ## Dovecot 1.0 configuration fil..., 2048, 0) = 665
pread64(3, , 1383, 665)   = 0
close(3)= 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
connect(3, {sa_family=AF_FILE, path=/var/run/nscd/socket}, 110) = -1 ENOENT 
(No such file or directory)
close(3)= 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
connect(3, {sa_family=AF_FILE, path=/var/run/nscd/socket}, 110) = -1 ENOENT 
(No such file or directory)
close(3)= 0
open(/etc/nsswitch.conf, O_RDONLY)= 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1696, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0xb7f27000
read(3, #\n# /etc/nsswitch.conf\n#\n# An ex..., 4096) = 1696
read(3, , 4096)   = 0
close(3)= 0
munmap(0xb7f27000, 4096)= 0
open(/etc/ld.so.cache, O_RDONLY)  = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=21917, ...}) = 0
mmap2(NULL, 21917, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f22000
close(3)= 0
open(/lib/libnss_files.so.2, O_RDONLY) = 3
read(3, 
\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\30\0\0004\0\0\0..., 512) 
= 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=46680, ...}) = 0
mmap2(NULL, 41616, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 
0x8c2000
mmap2(0x8cb000, 8192, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8) = 0x8cb000
close(3)= 0
mprotect(0x8cb000, 4096, PROT_READ) = 0
munmap(0xb7f22000, 21917)   = 0
open(/etc/passwd, O_RDONLY)   = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1759, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0xb7f27000
read(3, root:x:0:0:root:/root:/bin/bash\n..., 4096) = 1759
close(3)= 0
munmap(0xb7f27000, 4096)= 0
access(/usr/libexec/dovecot/imap, X_OK) = 0
access(/etc/dovecot/ssl/mail.endbracket.net.crt, R_OK) = 0