Re: [Exim] Conditionalize a router on file existance; effect…

Top Page

Reply to this message
Author: Harald Meland
Date:  
To: exim-users
Subject: Re: [Exim] Conditionalize a router on file existance; effective uid and NFS woes
--
[Philip Hazel]

> On Wed, 6 Aug 2003, Harald Meland wrote:
>
>> As I now have realized that this solution is indeed not secure
>> (although it's no worse than the situation we've had until now, with
>> Exim < 4), I'll have a look at implementing this by fork()ing out a
>> separate process, doing plain set[ug]id() before stat() etc. there,
>> and reporting the result back to the mother process.
>
> Since the result is just yes/no, it could be passed in the return code,
> which makes things nice and easy.


Exactly.

> No need for complicated mechanisms to pass data between
> processes. That only just occurred to me - I was thinking it would
> be like other complicated cases where pipes are used.


So was I...

Happily, Kjetil Torgrim Homme, the guy over here who first got around
to making a patch for this, didn't. :-)

After we gave the thing a bit of a polish last night, it now seems to
work nicely; you can find the patch attached to this email.

--
Content-Description: Use fork()+exim_setugid() when needed in check_files()

[ Content of type text/x-patch deleted ]
--

--
Harald
--