DEBUG(D_uid)
{
- int group_count;
+ int group_count, save_errno;
gid_t group_list[NGROUPS_MAX];
debug_printf("changed uid/gid: %s\n uid=%ld gid=%ld pid=%ld\n", msg,
(long int)geteuid(), (long int)getegid(), (long int)getpid());
group_count = getgroups(NGROUPS_MAX, group_list);
+ save_errno = errno;
debug_printf(" auxiliary group list:");
if (group_count > 0)
{
int i;
for (i = 0; i < group_count; i++) debug_printf(" %d", (int)group_list[i]);
}
+ else if (group_count < 0)
+ debug_printf(" <error: %s>", strerror(save_errno));
else debug_printf(" <none>");
debug_printf("\n");
}
" Runtime: %s\n",
PCRE_MAJOR, PCRE_MINOR,
/* PRE_PRERELEASE is either defined and empty or a string.
- * This should work: */
+ * unless its an ancient version of PCRE in which case it
+ * is not defined */
+#ifdef PCRE_PRERELEASE
PCRE_PRERELEASE "",
+#else
+ "",
+#endif
pcre_version());
init_lookup_list();
lookup_list[i]->version_report(f);
}
+#ifdef WHITELIST_D_MACROS
+ fprintf(f, "WHITELIST_D_MACROS: \"%s\"\n", WHITELIST_D_MACROS);
+#else
+ fprintf(f, "WHITELIST_D_MACROS unset\n");
+#endif
+#ifdef TRUSTED_CONFIG_LIST
+ fprintf(f, "TRUSTED_CONFIG_LIST: \"%s\"\n", TRUSTED_CONFIG_LIST);
+#else
+ fprintf(f, "TRUSTED_CONFIG_LIST unset\n");
+#endif
+
} while (0);
}
return FALSE;
}
}
-debug_printf("macros_trusted overriden to true by whitelisting\n");
+DEBUG(D_any) debug_printf("macros_trusted overriden to true by whitelisting\n");
return TRUE;
#endif
}
save the group list here first. */
group_count = getgroups(NGROUPS_MAX, group_list);
+if (group_count < 0)
+ {
+ fprintf(stderr, "exim: getgroups() failed: %s\n", strerror(errno));
+ exit(EXIT_FAILURE);
+ }
/* There is a fundamental difference in some BSD systems in the matter of
groups. FreeBSD and BSDI are known to be different; NetBSD and OpenBSD are
and should be used for any logging information because attempts to write
to the log will usually fail. To arrange this, we unset really_exim. However,
if no stderr is available there is no point - we might as well have a go
- at the log (if it fails, syslog will be written). */
+ at the log (if it fails, syslog will be written).
+
+ Note that if the invoker is Exim, the logs remain available. Messing with
+ this causes unlogged successful deliveries. */
- if (log_stderr != NULL) really_exim = FALSE;
+ if ((log_stderr != NULL) && (real_uid != exim_uid))
+ really_exim = FALSE;
}
/* Privilege is to be retained for the moment. It may be dropped later,
no need to complain then. */
if (rv == -1)
{
- if (!unprivileged)
+ if (!(unprivileged || removed_privilege))
{
fprintf(stderr,
"exim: changing group failed: %s\n", strerror(errno));
exit(EXIT_FAILURE);
}
else
- debug_printf("changing group to %ld failed: %s\n",
+ DEBUG(D_any) debug_printf("changing group to %ld failed: %s\n",
(long int)exim_gid, strerror(errno));
}
}