Delay chdir(/) until we opened the main config

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 799104ec438c606d2544e52c4ac3ee0ed0e350a1..c61d7a2e816f7235c3ffdd49d876f24729b010a8 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -3487,8 +3487,6 @@ name, but it can be a colon-separated list of names. In this case, the first
 file that exists is used. Failure to open an existing file stops Exim from
 proceeding any further along the list, and an error is generated.
 
-The file names need to be absolute names.
-
 When this option is used by a caller other than root, and the list is different
 from the compiled-in list, Exim gives up its root privilege immediately, and
 runs with the real and effective uid and gid set to those of the caller.

diff --git a/src/src/exim.c b/src/src/exim.c
index d6f2d4aac601c3fde28b0167461785bad131543e..02fda675621a4182a32c38b1313c6dd801f623f6 100644 (file)
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -3741,17 +3741,16 @@ if (running_in_test_harness) smtputf8_advertise_hosts = NULL;
 
 /* Read the main runtime configuration data; this gives up if there
 is a failure. It leaves the configuration file open so that the subsequent
-configuration data for delivery can be read if needed. */
+configuration data for delivery can be read if needed.
 
-/* To be safe: change the working directory to /. */
-if (Uchdir("/") < 0)
-  {
-    perror("exim: chdir `/': ");
-    exit(EXIT_FAILURE);
-  }
+NOTE: immediatly after opening the configuration file we change the working
+directory to "/"! Later we change to $spool_directory. We do it there, because
+during readconf_main() some expansion takes place already. */
 
 readconf_main();
 
+/* Now in directory "/" */
+
 if (cleanup_environment() == FALSE)
   log_write(0, LOG_PANIC_DIE, "Can't cleanup environment");
 

diff --git a/src/src/readconf.c b/src/src/readconf.c
index 3654f19d1b4c1609be408425156de73d3db82e81..1119651f0a27b484c90ebfd59d1d63762c2510a1 100644 (file)
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -3049,14 +3049,6 @@ while((filename = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))
        != NULL)
   {
 
-  /* To avoid confusion: Exim changes to / at the very beginning and
-   * and to $spool_directory later. */
-  if (filename[0] != '/')
-    {
-    fprintf(stderr, "-C %s: only absolute names are allowed\n", filename);
-    exit(EXIT_FAILURE);
-  }
-
   /* Cut out all the fancy processing unless specifically wanted */
 
   #if defined(CONFIGURE_FILE_USE_NODE) || defined(CONFIGURE_FILE_USE_EUID)
@@ -3110,6 +3102,15 @@ while((filename = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))
   if (config_file != NULL || errno != ENOENT) break;
   }
 
+/* Now, once we found and opened our configuration file, we change the directory
+to a safe place. Later we change to $spool_directory. */
+
+if (Uchdir("/") < 0)
+  {
+  perror("exim: chdir `/': ");
+  exit(EXIT_FAILURE);
+  }
+
 /* On success, save the name for verification; config_filename is used when
 logging configuration errors (it changes for .included files) whereas
 config_main_filename is the name shown by -bP. Failure to open a configuration