On Fri, 2008-02-15 at 14:53 +0200, Timo Sirainen wrote:
> On Fri, 2008-02-15 at 13:40 +0100, Diego Liziero wrote:
> > This patch adds the bool option home_slash_dot_slash_chroot (feel free
> > to change this name to something easier to understand). Setting this to
> > "no" disables the wu-ftp style /./ chroot.
>
> There are already too many options, but I guess valid_chroot_dirs could
> be used for this. Committed to v1.1:
> http://hg.dovecot.org/dovecot-1.1/rev/17c65dfdac2a

Great, but this patch only partially solves what we would like to have:
it allows chroot options to be completely disabled, but it doesn't allow
overriding the /./ chroot with a global mail_chroot option.

This happens because, to have the mail_chroot config option working, we
have to add its entry in valid_chroot_dirs, too.
This should not be necessary.

In this case validate_chroot should be called before checking for
mail_chroot (see the patch below).

Thank you for your quick answer,
Regards,
Diego Liziero.

diff -dur dovecot-1.0.10/src/master/mail-process.c dovecot-1.0.10-chroot/src/master/mail-process.c
--- dovecot-1.0.10/src/master/mail-process.c 2007-12-20 21:51:23.000000000 +0100
+++ dovecot-1.0.10-chroot/src/master/mail-process.c 2008-02-16 13:26:16.000000000 +0100
@@ -492,9 +492,6 @@
return FALSE;
}
- if (*chroot_dir == '\0' && *set->mail_chroot != '\0')
- chroot_dir = set->mail_chroot;
-
if (*chroot_dir != '\0') {
if (!validate_chroot(set, chroot_dir)) {
i_error("Invalid chroot directory '%s' (user %s) "
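Review bot: With the fallback removed from above `if (*chroot_dir != '\0')`, set->mail_chroot no longer passes through validate_chroot() at all, and nothing in the code says this is deliberate. Add a comment at this check stating that only a chroot_dir already set at this point is checked against valid_chroot_dirs, and that mail_chroot is exempt because it is a global configuration option. Without that comment, a later cleanup could merge the two blocks again and quietly restore the old behaviour.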
@@ -502,6 +499,12 @@
chroot_dir, user);
return FALSE;
}
+ }
+
+ if (*chroot_dir == '\0' && *set->mail_chroot != '\0')
+ chroot_dir = set->mail_chroot;
+
+ if (*chroot_dir != '\0') {
if (set->mail_drop_priv_before_exec) {
i_error("Can't chroot to directory '%s' (user %s) "
"with mail_drop_priv_before_exec=yes",
Only in dovecot-1.0.10-chroot/src/master: mail-process.c.orig
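Review bot: The re-added fallback `if (*chroot_dir == '\0' && *set->mail_chroot != '\0')` still only fires when chroot_dir is empty, so a non-empty chroot_dir that fails validate_chroot() reaches `return FALSE` before mail_chroot is ever considered. If mail_chroot is meant to override such a value, that case needs explicit handling here. If a hard error is the intended result, say so in the patch description. The two consecutive `if (*chroot_dir != '\0')` blocks would also benefit from a one-line comment explaining why the test is split around the fallback.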