X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/8800895ae8a1e9c49c739839a6623292d7a473d0..805e5aabc6e28e536153862bcef7268f84108fd7:/src/src/exim.c diff --git a/src/src/exim.c b/src/src/exim.c index f3f303d6d..41016ad3e 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -1,10 +1,10 @@ -/* $Cambridge: exim/src/src/exim.c,v 1.28 2005/09/12 10:08:54 ph10 Exp $ */ +/* $Cambridge: exim/src/src/exim.c,v 1.39 2006/05/22 18:42:34 fanf2 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2005 */ +/* Copyright (c) University of Cambridge 1995 - 2006 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -375,6 +375,38 @@ va_end(ap); +/************************************************* +* Call fopen() with umask 777 and adjust mode * +*************************************************/ + +/* Exim runs with umask(0) so that files created with open() have the mode that +is specified in the open() call. However, there are some files, typically in +the spool directory, that are created with fopen(). They end up world-writeable +if no precautions are taken. Although the spool directory is not accessible to +the world, this is an untidiness. So this is a wrapper function for fopen() +that sorts out the mode of the created file. + +Arguments: + filename the file name + options the fopen() options + mode the required mode + +Returns: the fopened FILE or NULL +*/ + +FILE * +modefopen(uschar *filename, char *options, mode_t mode) +{ +mode_t saved_umask = umask(0777); +FILE *f = Ufopen(filename, options); +(void)umask(saved_umask); +if (f != NULL) (void)fchmod(fileno(f), mode); +return f; +} + + + + /************************************************* * Ensure stdin, stdout, and stderr exist * *************************************************/ @@ -842,6 +874,9 @@ fprintf(f, "Support for:"); #if HAVE_IPV6 fprintf(f, " IPv6"); #endif +#ifdef HAVE_SETCLASSRESOURCES + fprintf(f, " use_setclassresources"); +#endif #ifdef SUPPORT_PAM fprintf(f, " PAM"); #endif @@ -861,6 +896,12 @@ fprintf(f, "Support for:"); fprintf(f, " OpenSSL"); #endif #endif +#ifdef SUPPORT_TRANSLATE_IP_ADDRESS + fprintf(f, " translate_ip_address"); +#endif +#ifdef SUPPORT_MOVE_FROZEN_MESSAGES + fprintf(f, " move_frozen_messages"); +#endif #ifdef WITH_CONTENT_SCAN fprintf(f, " Content_Scanning"); #endif @@ -1006,6 +1047,8 @@ if (fixed_never_users[0] > 0) fprintf(f, "%d:", (unsigned int)fixed_never_users[i]); fprintf(f, "%d\n", (unsigned int)fixed_never_users[i]); } + +fprintf(f, "Size of off_t: %d\n", sizeof(off_t)); } @@ -1429,10 +1472,17 @@ message_id_external[0] = 'E'; message_id = message_id_external + 1; message_id[0] = 0; -/* Set the umask to zero so that any files that Exim creates are created -with the modes that it specifies. */ +/* Set the umask to zero so that any files Exim creates using open() are +created with the modes that it specifies. NOTE: Files created with fopen() have +a problem, which was not recognized till rather late (February 2006). With this +umask, such files will be world writeable. (They are all content scanning files +in the spool directory, which isn't world-accessible, so this is not a +disaster, but it's untidy.) I don't want to change this overall setting, +however, because it will interact badly with the open() calls. Instead, there's +now a function called modefopen() that fiddles with the umask while calling +fopen(). */ -umask(0); +(void)umask(0); /* Precompile the regular expression for matching a message id. Keep this in step with the code that generates ids in the accept.c module. We need to do @@ -3547,7 +3597,9 @@ root privilege above as a result of -C, -D, -be, -bf or -bF, remove it now except when starting the daemon or doing some kind of delivery or address testing (-bt). These are the only cases when root need to be retained. We run as exim for -bv and -bh. However, if deliver_drop_privilege is set, root is -retained only for starting the daemon. */ +retained only for starting the daemon. We always do the initgroups() in this +situation (controlled by the TRUE below), in order to be as close as possible +to the state Exim usually runs in. */ if (!unprivileged && /* originally had root AND */ !removed_privilege && /* still got root AND */ @@ -3563,7 +3615,7 @@ if (!unprivileged && /* originally had root AND */ ) )) { - exim_setugid(exim_uid, exim_gid, FALSE, US"privilege not needed"); + exim_setugid(exim_uid, exim_gid, TRUE, US"privilege not needed"); } /* When we are retaining a privileged uid, we still change to the exim gid. */ @@ -3675,11 +3727,13 @@ if (test_retry_arg >= 0) return EXIT_FAILURE; } - /* For the rcpt_4xx errors, a value of 255 means "any", and a code > 100 as - an error is for matching codes to the decade. Turn them into a real error - code, off the decade. */ + /* For the {MAIL,RCPT,DATA}_4xx errors, a value of 255 means "any", and a + code > 100 as an error is for matching codes to the decade. Turn them into + a real error code, off the decade. */ - if (basic_errno == ERRNO_RCPT4XX) + if (basic_errno == ERRNO_MAIL4XX || + basic_errno == ERRNO_RCPT4XX || + basic_errno == ERRNO_DATA4XX) { int code = (more_errno >> 8) & 255; if (code == 255) @@ -4732,12 +4786,6 @@ while (more) close_unwanted(); /* Close unwanted file descriptors and TLS */ exim_nullstd(); /* Ensure std{in,out,err} exist */ - /* Occasionally in the test harness we don't have synchronous delivery - set (can happen with bounces). In that case, let the old process finish - before continuing, to keep the debug output the same. */ - - if (running_in_test_harness && !synchronous_delivery) millisleep(100); - /* Re-exec Exim if we need to regain privilege (note: in mua_wrapper mode, deliver_drop_privilege is forced TRUE). */