-/* $Cambridge: exim/src/src/exim.c,v 1.35 2006/02/22 14:46:44 ph10 Exp $ */
+/* $Cambridge: exim/src/src/exim.c,v 1.39 2006/05/22 18:42:34 fanf2 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
FILE *
modefopen(uschar *filename, char *options, mode_t mode)
{
-FILE *f;
-umask(0777);
-f = Ufopen(filename, options);
-umask(0);
+mode_t saved_umask = umask(0777);
+FILE *f = Ufopen(filename, options);
+(void)umask(saved_umask);
if (f != NULL) (void)fchmod(fileno(f), mode);
return f;
}
#if HAVE_IPV6
fprintf(f, " IPv6");
#endif
-#ifdef HAVE_LOGIN_CAP
- fprintf(f, " use_classresources");
+#ifdef HAVE_SETCLASSRESOURCES
+ fprintf(f, " use_setclassresources");
#endif
#ifdef SUPPORT_PAM
fprintf(f, " PAM");
message_id = message_id_external + 1;
message_id[0] = 0;
-/* Set the umask to zero so that any files that Exim creates using open() are
+/* Set the umask to zero so that any files Exim creates using open() are
created with the modes that it specifies. NOTE: Files created with fopen() have
a problem, which was not recognized till rather late (February 2006). With this
umask, such files will be world writeable. (They are all content scanning files
now a function called modefopen() that fiddles with the umask while calling
fopen(). */
-umask(0);
+(void)umask(0);
/* Precompile the regular expression for matching a message id. Keep this in
step with the code that generates ids in the accept.c module. We need to do
except when starting the daemon or doing some kind of delivery or address
testing (-bt). These are the only cases when root need to be retained. We run
as exim for -bv and -bh. However, if deliver_drop_privilege is set, root is
-retained only for starting the daemon. */
+retained only for starting the daemon. We always do the initgroups() in this
+situation (controlled by the TRUE below), in order to be as close as possible
+to the state Exim usually runs in. */
if (!unprivileged && /* originally had root AND */
!removed_privilege && /* still got root AND */
)
))
{
- exim_setugid(exim_uid, exim_gid, FALSE, US"privilege not needed");
+ exim_setugid(exim_uid, exim_gid, TRUE, US"privilege not needed");
}
/* When we are retaining a privileged uid, we still change to the exim gid. */
return EXIT_FAILURE;
}
- /* For the rcpt_4xx errors, a value of 255 means "any", and a code > 100 as
- an error is for matching codes to the decade. Turn them into a real error
- code, off the decade. */
+ /* For the {MAIL,RCPT,DATA}_4xx errors, a value of 255 means "any", and a
+ code > 100 as an error is for matching codes to the decade. Turn them into
+ a real error code, off the decade. */
- if (basic_errno == ERRNO_RCPT4XX)
+ if (basic_errno == ERRNO_MAIL4XX ||
+ basic_errno == ERRNO_RCPT4XX ||
+ basic_errno == ERRNO_DATA4XX)
{
int code = (more_errno >> 8) & 255;
if (code == 255)