diff options
| author | Gilles Chehade <gilles@cvs.openbsd.org> | 2012-10-03 17:58:04 +0000 |
|---|---|---|
| committer | Gilles Chehade <gilles@cvs.openbsd.org> | 2012-10-03 17:58:04 +0000 |
| commit | c103f476f0d7aa20a55b9f8cbd80335447992a15 (patch) | |
| tree | c481fa71eb96ee7a5faf9134ac92671b84197983 /usr.sbin/smtpd/smtpd.c | |
| parent | dda472ec5c5ed8fb58070f3d9ca58cd49d608ac9 (diff) | |
disallow root deliveries for "deliver to filename" and "deliver to mda"
rules, we only allow them for mbox and maildir though users should really
create a root alias ...
discussed with eric@ and chl@, ok both
Diffstat (limited to 'usr.sbin/smtpd/smtpd.c')
| -rw-r--r-- | usr.sbin/smtpd/smtpd.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/usr.sbin/smtpd/smtpd.c b/usr.sbin/smtpd/smtpd.c index c7e79cd672f..4b87cb6e45d 100644 --- a/usr.sbin/smtpd/smtpd.c +++ b/usr.sbin/smtpd/smtpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: smtpd.c,v 1.172 2012/09/28 17:28:30 eric Exp $ */ +/* $OpenBSD: smtpd.c,v 1.173 2012/10/03 17:58:03 gilles Exp $ */ /* * Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org> @@ -829,6 +829,13 @@ forkmda(struct imsgev *iev, uint32_t id, if (db == NULL) return; + if (u.uid == 0 && ! db->allow_root) { + n = snprintf(ebuf, sizeof ebuf, "not allowed to deliver to: %s", + deliver->user); + imsg_compose_event(iev, IMSG_MDA_DONE, id, 0, -1, ebuf, n + 1); + return; + } + /* lower privs early to allow fork fail due to ulimit */ if (seteuid(u.uid) < 0) fatal("smtpd: forkmda: cannot lower privileges"); |