git://git.exim.org
/
exim.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
2b965a6
)
Call initgroups() when dropping privilege, in order that Exim runs with
author
Tony Finch
<dot@dot.at>
Mon, 22 May 2006 18:42:34 +0000
(18:42 +0000)
committer
Tony Finch
<dot@dot.at>
Mon, 22 May 2006 18:42:34 +0000
(18:42 +0000)
consistent privilege.
doc/doc-txt/ChangeLog
patch
|
blob
|
history
src/src/exim.c
patch
|
blob
|
history
diff --git
a/doc/doc-txt/ChangeLog
b/doc/doc-txt/ChangeLog
index 0a8f13749e73424edddfb928afddeeac06f6103e..4e8657a1f4c675c5936fdf0d90bfe1798773f5bb 100644
(file)
--- a/
doc/doc-txt/ChangeLog
+++ b/
doc/doc-txt/ChangeLog
@@
-1,4
+1,4
@@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.35
2 2006/05/22 17:43:10
fanf2 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.35
3 2006/05/22 18:44:24
fanf2 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
Change log file for Exim from version 4.21
-------------------------------------------
@@
-20,6
+20,8
@@
SC/03 Collect data on the number of addresses (recipients) as well
TF/01 Correct an error in the documentation for the redirect router. Exim
does (usually) call initgroups() when daemonizing.
TF/01 Correct an error in the documentation for the redirect router. Exim
does (usually) call initgroups() when daemonizing.
+TF/02 Call initgroups() when dropping privilege in exim.c, so that Exim runs with
+ consistent privilege compared to when running as a daemon.
Exim version 4.62
-----------------
Exim version 4.62
-----------------
diff --git
a/src/src/exim.c
b/src/src/exim.c
index 9384cc192af714e8ebcaddcef8b73475c55a8afb..41016ad3e3b5c849681eb7e9b6e5e86b90d855d1 100644
(file)
--- a/
src/src/exim.c
+++ b/
src/src/exim.c
@@
-1,4
+1,4
@@
-/* $Cambridge: exim/src/src/exim.c,v 1.3
8 2006/03/16 12:25:24 ph10
Exp $ */
+/* $Cambridge: exim/src/src/exim.c,v 1.3
9 2006/05/22 18:42:34 fanf2
Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
/*************************************************
* Exim - an Internet mail transport agent *
@@
-3597,7
+3597,9
@@
root privilege above as a result of -C, -D, -be, -bf or -bF, remove it now
except when starting the daemon or doing some kind of delivery or address
testing (-bt). These are the only cases when root need to be retained. We run
as exim for -bv and -bh. However, if deliver_drop_privilege is set, root is
except when starting the daemon or doing some kind of delivery or address
testing (-bt). These are the only cases when root need to be retained. We run
as exim for -bv and -bh. However, if deliver_drop_privilege is set, root is
-retained only for starting the daemon. */
+retained only for starting the daemon. We always do the initgroups() in this
+situation (controlled by the TRUE below), in order to be as close as possible
+to the state Exim usually runs in. */
if (!unprivileged && /* originally had root AND */
!removed_privilege && /* still got root AND */
if (!unprivileged && /* originally had root AND */
!removed_privilege && /* still got root AND */
@@
-3613,7
+3615,7
@@
if (!unprivileged && /* originally had root AND */
)
))
{
)
))
{
- exim_setugid(exim_uid, exim_gid,
FALS
E, US"privilege not needed");
+ exim_setugid(exim_uid, exim_gid,
TRU
E, US"privilege not needed");
}
/* When we are retaining a privileged uid, we still change to the exim gid. */
}
/* When we are retaining a privileged uid, we still change to the exim gid. */