Add permit_coredump pipe transport option. Fixes: #834

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 493c55445f12f40f098665ae8d53ddee094fb08b..2a69fcf59f9e195f31e6ed2fac58b053ed135a0f 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -1,4 +1,4 @@
-. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.75 2010/06/05 09:10:08 pdp Exp $
+. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.76 2010/06/05 10:04:43 pdp Exp $

 .
 . /////////////////////////////////////////////////////////////////////////////
 . This is the primary source of the Exim Manual. It is an xfpt document that is
 .
 . /////////////////////////////////////////////////////////////////////////////
 . This is the primary source of the Exim Manual. It is an xfpt document that is


@@ -21075,6 +21075,17 @@ sought in the PATH directories, in the usual way. &*Warning*&: This does not
 apply to a command specified as a transport filter.
 
 
 apply to a command specified as a transport filter.
 
 

+.option permit_coredump pipe boolean false
+Normally Exim inhibits core-dumps during delivery.  If you have a need to get
+a core-dump of a pipe command, enable this command.  This enables core-dumps
+during delivery and affects both the Exim binary and the pipe command run.
+It is recommended that this option remain off unless and until you have a need
+for it and that this only be enabled when needed, as the risk of excessive
+resource consumption can be quite high.  Note also that Exim is typically
+installed as a setuid binary and most operating systems will inhibit coredumps
+of these by default, so further OS-specific action may be required.
+
+

 .option pipe_as_creator pipe boolean false
 .cindex "uid (user id)" "local delivery"
 If the generic &%user%& option is not set and this option is true, the delivery
 .option pipe_as_creator pipe boolean false
 .cindex "uid (user id)" "local delivery"
 If the generic &%user%& option is not set and this option is true, the delivery

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 3ed3aa8c7a7b99ad26b4d5986791366b8454477b..72f799a3689a85ef5b9433871dd523b77ca310ec 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.617 2010/06/05 09:10:09 pdp Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.618 2010/06/05 10:04:43 pdp Exp $

 
 Change log file for Exim from version 4.21
 -------------------------------------------
 
 Change log file for Exim from version 4.21
 -------------------------------------------


@@ -16,6 +16,10 @@ JJ/01 Added DISABLE_DKIM and comment to src/EDITME
 
 PP/03 Bugzilla 994: added openssl_options main configuration option.
 
 
 PP/03 Bugzilla 994: added openssl_options main configuration option.
 

+PP/04 Bugzilla 995: provide better SSL diagnostics on failed reads.
+
+PP/05 Bugzilla 834: provide a permit_codedump option for pipe transports.
+

 Exim version 4.72
 -----------------
 
 Exim version 4.72
 -----------------
 

diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index 589bc53976ebdaaa861084281596919dfdeab8f5..c2c49379f6a68a1d9da72d954eb2c76aa62cfd8d 100644 (file)
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/NewStuff,v 1.166 2010/06/05 09:10:09 pdp Exp $
+$Cambridge: exim/doc/doc-txt/NewStuff,v 1.167 2010/06/05 10:04:43 pdp Exp $

 
 New Features in Exim
 --------------------
 
 New Features in Exim
 --------------------


@@ -20,6 +20,12 @@ Version 4.73
     consequences for certain options, so these should not be changed
     frivolously.
 
     consequences for certain options, so these should not be changed
     frivolously.
 

+ 2. A new pipe transport option, "permit_coredumps", may help with problem
+    diagnosis in some scenarios.  Note that Exim is typically installed as
+    a setuid binary, which on most OSes will inhibit coredumps by default,
+    so that safety mechanism would have to be overriden for this option to
+    be able to take effect.
+

 
 Version 4.72
 ------------
 
 Version 4.72
 ------------

diff --git a/src/src/deliver.c b/src/src/deliver.c
index 1e1f5a5288893f5eede136462704354238354770..941fec0433bce8fd508b1888af3f70c27e6182c6 100644 (file)
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/deliver.c,v 1.47 2009/11/16 19:50:36 nm4 Exp $ */
+/* $Cambridge: exim/src/src/deliver.c,v 1.48 2010/06/05 10:04:44 pdp Exp $ */

 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *


@@ -1727,7 +1727,20 @@ if ((pid = fork()) == 0)
   HP-UX doesn't have RLIMIT_CORE; I don't know how to do this in that
   system. Some experimental/developing systems (e.g. GNU/Hurd) may define
   RLIMIT_CORE but not support it in setrlimit(). For such systems, do not
   HP-UX doesn't have RLIMIT_CORE; I don't know how to do this in that
   system. Some experimental/developing systems (e.g. GNU/Hurd) may define
   RLIMIT_CORE but not support it in setrlimit(). For such systems, do not

-  complain if the error is "not supported". */
+  complain if the error is "not supported".
+
+  There are two scenarios where changing the max limit has an effect.  In one,
+  the user is using a .forward and invoking a command of their choice via pipe;
+  for these, we do need the max limit to be 0 unless the admin chooses to
+  permit an increased limit.  In the other, the command is invoked directly by
+  the transport and is under administrator control, thus being able to raise
+  the limit aids in debugging.  So there's no general always-right answer.
+
+  Thus we inhibit core-dumps completely but let individual transports, while
+  still root, re-raise the limits back up to aid debugging.  We make the
+  default be no core-dumps -- few enough people can use core dumps in
+  diagnosis that it's reasonable to make them something that has to be explicitly requested.
+  */

 
   #ifdef RLIMIT_CORE
   struct rlimit rl;
 
   #ifdef RLIMIT_CORE
   struct rlimit rl;

diff --git a/src/src/transports/pipe.c b/src/src/transports/pipe.c
index 35048258e5f0363c6c41bad899c44fb0d30aa91c..2464abd14a6af5b6a75b6829ca6405cf524ef542 100644 (file)
--- a/src/src/transports/pipe.c
+++ b/src/src/transports/pipe.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/transports/pipe.c,v 1.14 2009/11/16 19:50:39 nm4 Exp $ */
+/* $Cambridge: exim/src/src/transports/pipe.c,v 1.15 2010/06/05 10:04:44 pdp Exp $ */

 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *


@@ -57,6 +57,8 @@ optionlist pipe_transport_options[] = {
       (void *)offsetof(pipe_transport_options_block, message_suffix) },
   { "path",              opt_stringptr,
       (void *)offsetof(pipe_transport_options_block, path) },
       (void *)offsetof(pipe_transport_options_block, message_suffix) },
   { "path",              opt_stringptr,
       (void *)offsetof(pipe_transport_options_block, path) },

+  { "permit_coredump",   opt_bool,
+      (void *)offsetof(pipe_transport_options_block, permit_coredump) },

   { "pipe_as_creator",   opt_bool | opt_public,
       (void *)offsetof(transport_instance, deliver_as_creator) },
   { "restrict_to_path",  opt_bool,
   { "pipe_as_creator",   opt_bool | opt_public,
       (void *)offsetof(transport_instance, deliver_as_creator) },
   { "restrict_to_path",  opt_bool,


@@ -110,6 +112,7 @@ pipe_transport_options_block pipe_transport_option_defaults = {
   0,              /* options */
   FALSE,          /* freeze_exec_fail */
   FALSE,          /* ignore_status */
   0,              /* options */
   FALSE,          /* freeze_exec_fail */
   FALSE,          /* ignore_status */

+  FALSE,          /* permit_coredump */

   FALSE,          /* restrict_to_path */
   FALSE,          /* timeout_defer */
   FALSE,          /* use_shell */
   FALSE,          /* restrict_to_path */
   FALSE,          /* timeout_defer */
   FALSE,          /* use_shell */


@@ -127,7 +130,7 @@ pipe_transport_options_block pipe_transport_option_defaults = {
 /* Called for each delivery in the privileged state, just before the uid/gid
 are changed and the main entry point is called. In a system that supports the
 login_cap facilities, this function is used to set the class resource limits
 /* Called for each delivery in the privileged state, just before the uid/gid
 are changed and the main entry point is called. In a system that supports the
 login_cap facilities, this function is used to set the class resource limits

-for the user.
+for the user.  It may also re-enable coredumps.

 
 Arguments:
   tblock     points to the transport instance
 
 Arguments:
   tblock     points to the transport instance


@@ -170,6 +173,24 @@ if (ob->use_classresources)
   }
 #endif
 
   }
 #endif
 

+#ifdef RLIMIT_CORE
+if (ob->permit_coredump)
+  {
+  struct rlimit rl;
+  rl.rlim_cur = RLIM_INFINITY;
+  rl.rlim_max = RLIM_INFINITY;
+  if (setrlimit(RLIMIT_CORE, &rl) < 0)
+    {
+#ifdef SETRLIMIT_NOT_SUPPORTED
+    if (errno != ENOSYS && errno != ENOTSUP)
+#endif
+      log_write(0, LOG_MAIN,
+          "delivery setrlimit(RLIMIT_CORE, RLIMI_INFINITY) failed: %s",
+          strerror(errno));
+    }
+  }
+#endif
+

 return OK;
 }
 
 return OK;
 }
 

diff --git a/src/src/transports/pipe.h b/src/src/transports/pipe.h
index cdb10af7d491896a4586b6ee6678821205f9edd0..da141c0d18a405df70b242adcb09a04e02d31476 100644 (file)
--- a/src/src/transports/pipe.h
+++ b/src/src/transports/pipe.h
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/transports/pipe.h,v 1.7 2009/11/16 19:56:54 nm4 Exp $ */
+/* $Cambridge: exim/src/src/transports/pipe.h,v 1.8 2010/06/05 10:04:44 pdp Exp $ */

 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *


@@ -25,6 +25,7 @@ typedef struct {
   int   options;
   BOOL  freeze_exec_fail;
   BOOL  ignore_status;
   int   options;
   BOOL  freeze_exec_fail;
   BOOL  ignore_status;

+  BOOL  permit_coredump;

   BOOL  restrict_to_path;
   BOOL  timeout_defer;
   BOOL  use_shell;
   BOOL  restrict_to_path;
   BOOL  timeout_defer;
   BOOL  use_shell;