Check configure file permissions even for non-default files if still privileged

[exim.git] / src / src / exim.c

diff --git a/src/src/exim.c b/src/src/exim.c
index a68a06227e1b5bca2d31193e323d553052b14a27..0d8f2449274a8d3e33ad46afcab9dacfe5fb15df 100644 (file)
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/exim.c,v 1.69 2010/06/06 02:46:13 pdp Exp $ */
+/* $Cambridge: exim/src/src/exim.c,v 1.71 2010/06/07 00:12:42 pdp Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -905,7 +905,7 @@ if (fixed_never_users[0] > 0)
   fprintf(f, "%d\n", (unsigned int)fixed_never_users[i]);
   }
 
-fprintf(f, "Size of off_t: %d\n", sizeof(off_t));
+fprintf(f, "Size of off_t: " SIZE_T_FMT "\n", sizeof(off_t));
 
 /* This runtime check is to help diagnose library linkage mismatches which
 result in segfaults and the like; as such, it's left until the end,
@@ -1570,7 +1570,7 @@ for (i = 1; i < argc; i++)
     else if (Ustrcmp(argrest, "version") == 0)
       {
       switchchar = 'b';
-      argrest = "V";
+      argrest = US"V";
       }
     }
 
@@ -1848,6 +1848,7 @@ for (i = 1; i < argc; i++)
 
       config_main_filelist = argrest;
       config_changed = TRUE;
+      trusted_config = FALSE;
       }
     break;
 
@@ -3046,7 +3047,7 @@ values (such as the path name). If running in the test harness, pretend that
 configuration file changes and macro definitions haven't happened. */
 
 if ((                                            /* EITHER */
-    (config_changed || macros != NULL) &&        /* Config changed, and */
+    (!trusted_config || macros != NULL) &&       /* Config changed, and */
     real_uid != root_uid &&                      /* Not root, and */
     #ifndef ALT_CONFIG_ROOT_ONLY                 /* (when not locked out) */
     real_uid != exim_uid &&                      /* Not exim, and */
@@ -3265,7 +3266,7 @@ If ALT_CONFIG_ROOT_ONLY is defined, we don't know whether we were called by the
 built-in exim user or one defined in the configuration. In either event,
 re-enable log processing, assuming the sysadmin knows what they are doing. */
 
-if (removed_privilege && (config_changed || macros != NULL) &&
+if (removed_privilege && (!trusted_config || macros != NULL) &&
     real_uid == exim_uid)
   {
   #ifdef ALT_CONFIG_ROOT_ONLY
@@ -3277,7 +3278,7 @@ if (removed_privilege && (config_changed || macros != NULL) &&
   else
     log_write(0, LOG_MAIN|LOG_PANIC,
       "exim user (uid=%d) is defined only at runtime; privilege lost for %s",
-      (int)exim_uid, config_changed? "-C" : "-D");
+      (int)exim_uid, trusted_config? "-D" : "-C");
   #endif
   }
 
@@ -3623,6 +3624,7 @@ else setgid(exim_gid);
 /* Handle a request to scan a file for malware */
 if (malware_test_file)
   {
+#ifdef WITH_CONTENT_SCAN
   int result;
   set_process_info("scanning file for malware");
   result = malware_in_file(malware_test_file);
@@ -3640,6 +3642,9 @@ if (malware_test_file)
     printf("Malware found: %s\n", malware_name);
   else
     printf("Malware scan detected malware of unknown name.\n");
+#else
+  printf("Malware scanning not enabled at compile time.\n");
+#endif
   exit(EXIT_FAILURE);
   }