On Fri, 2008-02-15 at 14:53 +0200, Timo Sirainen wrote:
> On Fri, 2008-02-15 at 13:40 +0100, Diego Liziero wrote:
> > This patch adds the bool option home_slash_dot_slash_chroot (feel free
> > to change this name to something easier to understand). Setting this to
> > "no" disables the wu-ftp style /./ chroot.
>
> There are already too many options, but I guess valid_chroot_dirs could
> be used for this. Committed to v1.1:
> http://hg.dovecot.org/dovecot-1.1/rev/17c65dfdac2a

Great, but this patch only partially solves what we would like to have: it allows chroot options to be completely disabled, but it doesn't allow overriding the /./ chroot with a global mail_chroot option.

This happens because, to have the mail_chroot config option working, we have to add its entry in valid_chroot_dirs, too. This should not be necessary. In this case validate_chroot should be called before checking for mail_chroot (see the patch below).

Thank you for your quick answer,
Regards,
Diego Liziero.

diff -dur dovecot-1.0.10/src/master/mail-process.c dovecot-1.0.10-chroot/src/master/mail-process.c --- dovecot-1.0.10/src/master/mail-process.c 2007-12-20 21:51:23.000000000 +0100 +++ dovecot-1.0.10-chroot/src/master/mail-process.c 2008-02-16 13:26:16.000000000 +0100 @@ -492,9 +492,6 @@ return FALSE; } - if (*chroot_dir == '\0' && *set->mail_chroot != '\0') - chroot_dir = set->mail_chroot; - if (*chroot_dir != '\0') { if (!validate_chroot(set, chroot_dir)) { i_error("Invalid chroot directory '%s' (user %s) " @@ -502,6 +499,12 @@ chroot_dir, user); return FALSE; } + } + + if (*chroot_dir == '\0' && *set->mail_chroot != '\0') + chroot_dir = set->mail_chroot; + + if (*chroot_dir != '\0') { if (set->mail_drop_priv_before_exec) { i_error("Can't chroot to directory '%s' (user %s) " "with mail_drop_priv_before_exec=yes", Only in dovecot-1.0.10-chroot/src/master: mail-process.c.orig
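
Review bot: In the first hunk (@@ -492,9 +492,6 @@), removing the mail_chroot fallback ahead of validate_chroot() means only the per-user chroot_dir is ever checked against valid_chroot_dirs, and a value taken from set->mail_chroot is used unchecked. That matches the intent stated in the message, but it is a change in what is trusted and nothing in the code says so. Please add a comment above the validate_chroot() call stating that mail_chroot is administrator-set and deliberately exempt from valid_chroot_dirs, and update the description of valid_chroot_dirs in the example configuration to say that it applies only to per-user chroots.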
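
Review bot: In the second hunk (@@ -502,6 +499,12 @@), the added closing brace leaves two back-to-back tests of *chroot_dir != '\0', the first of which now wraps only the validate_chroot() call. Folding it into a single condition, if (*chroot_dir != '\0' && !validate_chroot(set, chroot_dir)), would read more clearly and keep the mail_drop_priv_before_exec check as the only block guarded by the second test. The trailing "Only in ...: mail-process.c.orig" line is diff -r noise and should be dropped from the submission, and since the diff is against dovecot-1.0.10 while the related change was committed to v1.1, it should be regenerated against that tree.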