1 This patch was developed by a customer at New York University, as part of

     2 the analysis of a bug that was only discovered because the customer was

     3 building procmail as root, triggering TOGGLE_SGID_OK to be set, which in

     4 turn triggered CAN_toggle_sgid to be set, which is checked via logical OR

     5 with accspooldir when deciding about the privileges needed to set[rg]id.

     6 The patch will be submitted upstream.

     7 

     8 --- procmail-3.22/src/foldinfo.c.orig	2001-09-10 21:57:32.000000000 +0000

     9 +++ procmail-3.22/src/foldinfo.c	2017-04-03 09:35:21.186639287 +0000

    10 @@ -185,9 +185,9 @@

    11       *chp='\0';					   /* strip off the filename */

    12    if(!stat(buf,&stbuf))

    13     { unsigned wwsdir;

    14 -     accspooldir=(wwsdir=			/* world writable spool dir? */

    15 -	    ((S_IWGRP|S_IXGRP|S_IWOTH|S_IXOTH)&stbuf.st_mode)==

    16 -	     (S_IWGRP|S_IXGRP|S_IWOTH|S_IXOTH)

    17 +     accspooldir=((wwsdir=			/* world writable spool dir? */

    18 +	    (((S_IWGRP|S_IXGRP|S_IWOTH|S_IXOTH)&stbuf.st_mode)==

    19 +	     (S_IWGRP|S_IXGRP|S_IWOTH|S_IXOTH)))

    20  	  <<1|						 /* note it in bit 1 */

    21  	  uid==stbuf.st_uid);	   /* we own the spool dir, note it in bit 0 */

    22       if((CAN_toggle_sgid||accspooldir)&&privileged)