X-Git-Url: https://diplodocus.org/git/nmh/blobdiff_plain/05dba91fcb152e1941e7f7f145b1d830c5e8f6d0..e6917522:/uip/slocal.c?ds=inline

diff --git a/uip/slocal.c b/uip/slocal.c
index a807d816..8afef253 100644
--- a/uip/slocal.c
+++ b/uip/slocal.c
@@ -34,6 +34,10 @@
 #include <sys/ioctl.h>
 #include <fcntl.h>
 
+/* Hopefully, grp.h declares initgroups().  If we run into a platform
+   where it doesn't, we could consider declaring it here as well. */
+#include <grp.h>
+
 /* This define is needed for Berkeley db v2 and above to
  * make the header file expose the 'historical' ndbm APIs.
  * We define it unconditionally because this is simple and
@@ -179,7 +183,7 @@ int
 main (int argc, char **argv)
 {
     int fd, status;
-    FILE *fp = stdin;
+    FILE *fp;
     char *cp, *mdlvr = NULL, buf[BUFSIZ];
     char mailbox[BUFSIZ], tmpfil[BUFSIZ];
     char **argp, **arguments;
@@ -278,6 +282,16 @@ main (int argc, char **argv)
 	chdir ("/");
     umask (0077);
 
+    if (geteuid() == 0) {
+	if (setgid (pw->pw_gid) != 0) {
+	    adios ("setgid", "unable to set group to %ld", (long) pw->pw_gid);
+	}
+	initgroups (pw->pw_name, pw->pw_gid);
+	if (setuid (pw->pw_uid) != 0) {
+	    adios ("setuid", "unable to set user to %ld", (long) pw->pw_uid);
+	}
+    }
+
     if (info == NULL)
 	info = "";
 
@@ -1400,6 +1414,7 @@ suppress_duplicates (int fd, char *file)
     rewind (in);
 
     for (;;) {
+        int failed_to_lock = 0;
 	int bufsz = sizeof buf;
 	state = m_getfld (&gstate, name, buf, &bufsz, in);
 	switch (state) {
@@ -1437,7 +1452,8 @@ suppress_duplicates (int fd, char *file)
 		 * This will fail if your Maildelivery file doesn't
 		 * exist.
 		 */
-		if ((lockfd = lkopendata(file, O_RDWR, 0)) == -1) {
+		if ((lockfd = lkopendata(file, O_RDWR, 0, &failed_to_lock))
+		    == -1) {
 		    advise (file, "unable to perform file locking on");
 		    free (cp);
 		    fclose (in);