Autor: Harald Meland Data: Para: exim-users Assunto: Re: [Exim] Conditionalize a router on file existance; effective uid
and NFS woes
--
[Philip Hazel]
> On Wed, 6 Aug 2003, Harald Meland wrote:
>
>> As I now have realized that this solution is indeed not secure
>> (although it's no worse than the situation we've had until now, with
>> Exim < 4), I'll have a look at implementing this by fork()ing out a
>> separate process, doing plain set[ug]id() before stat() etc. there,
>> and reporting the result back to the mother process.
>
> Since the result is just yes/no, it could be passed in the return code,
> which makes things nice and easy.
Exactly.
> No need for complicated mechanisms to pass data between
> processes. That only just occurred to me - I was thinking it would
> be like other complicated cases where pipes are used.
So was I...
Happily, Kjetil Torgrim Homme, the guy over here who first got around
to making a patch for this, didn't. :-)
After we gave the thing a bit of a polish last night, it now seems to
work nicely; you can find the patch attached to this email.
--
Content-Description: Use fork()+exim_setugid() when needed in check_files()