#------------------------------------------------------------------------------
# See below for dynamic lookup modules.
-# LOOKUP_MODULE_DIR=/usr/lib/exim/lookups/
+#
# If not using package management but using this anyway, then think about how
# you perform upgrades and revert them. You should consider the benefit of
# embedding the Exim version number into LOOKUP_MODULE_DIR, so that you can
# maintain two concurrent sets of modules.
+#
+# *BEWARE*: ability to modify the files in LOOKUP_MODULE_DIR is equivalent to
+# the ability to modify the Exim binary, which is often setuid root! The Exim
+# developers only intend this functionality be used by OS software packagers
+# and we suggest that such packagings' integrity checks should be paranoid
+# about the permissions of the directory and the files within.
+
+# LOOKUP_MODULE_DIR=/usr/lib/exim/lookups/
# To build a module dynamically, you'll need to define CFLAGS_DYNAMIC for
# your platform. Eg:
}
}
+/* Initialise lookup_list
+If debugging, already called above via version reporting.
+In either case, we initialise the list of available lookups while running
+as root. All dynamically modules are loaded from a directory which is
+hard-coded into the binary and is code which, if not a module, would be
+part of Exim already. Ability to modify the content of the directory
+is equivalent to the ability to modify a setuid binary!
+
+This needs to happen before we read the main configuration. */
+init_lookup_list();
+
/* Read the main runtime configuration data; this gives up if there
is a failure. It leaves the configuration file open so that the subsequent
configuration data for delivery can be read if needed. */
}
#endif /* EXIM_PERL */
-/* Initialise lookup_list
-If debugging, already called above via version reporting.
-This does mean that debugging causes the list to be initialised while root.
-This *should* be harmless -- all modules are loaded from a fixed dir and
-it's code that would, if not a module, be part of Exim already. */
-init_lookup_list();
-
/* Log the arguments of the call if the configuration file said so. This is
a debugging feature for finding out what arguments certain MUAs actually use.
Don't attempt it if logging is disabled, or if listing variables or if