email_mirror_server: Drop privileges before attaching file handler.

2025-11-02 13:03:29 +00:00 · 2025-09-17 19:00:31 +00:00
parent 468a7a82dd
commit b39188f9cf
1 changed files with 3 additions and 1 deletions
--- a/zerver/lib/email_mirror_server.py
+++ b/zerver/lib/email_mirror_server.py
@@ -31,8 +31,8 @@ from zerver.lib.exceptions import JsonableError, RateLimitedError
 from zerver.lib.logging_util import log_to_file
 from zerver.lib.queue import queue_json_publish_rollback_unsafe

+# We add a file handler to this later, once we've dropped privileges
 logger = logging.getLogger("zerver.lib.email_mirror")
-log_to_file(logger, settings.EMAIL_MIRROR_LOG_PATH)


 def send_to_postmaster(msg: email.message.Message) -> None:
@@ -178,6 +178,8 @@ class PermissionDroppingUnthreadedController(UnthreadedController):  # nocoverag
            os.setgid(self.group_id)
            os.setuid(self.user_id)

+        log_to_file(logger, settings.EMAIL_MIRROR_LOG_PATH)
+
        server = self.loop.create_server(
            self._factory_invoker,
            sock=server_socket,