ph10 2004/10/15 14:21:21 BST
Modified files:
exim-doc/doc-txt ChangeLog
exim-src/src child.c
Log:
Disable SIGUSR1 for all non-exim subprocesses run from Exim (previously,
only the queryprogram case handled this right).
Revision Changes Path
1.6 +6 -0 exim/exim-doc/doc-txt/ChangeLog
1.2 +10 -13 exim/exim-src/src/child.c
Index: ChangeLog
===================================================================
RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- ChangeLog 14 Oct 2004 14:52:45 -0000 1.5
+++ ChangeLog 15 Oct 2004 13:21:21 -0000 1.6
@@ -1,4 +1,4 @@
-$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.5 2004/10/14 14:52:45 ph10 Exp $
+$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.6 2004/10/15 13:21:21 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
@@ -18,6 +18,12 @@
4. Give more explanation in the error message when the command for a transport
filter fails to execute.
+
+ 5. There are several places where Exim runs a non-Exim command in a
+ subprocess. The SIGUSR1 signal should be disabled for these processes. This
+ was being done only for the command run by the queryprogram router. It is
+ now done for all such subprocesses. The other cases are: ${run, transport
+ filters, and the commands run by the lmtp and pipe transports.
Exim version 4.43
Index: child.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/child.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- child.c 7 Oct 2004 10:39:01 -0000 1.1
+++ child.c 15 Oct 2004 13:21:21 -0000 1.2
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/child.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/child.c,v 1.2 2004/10/15 13:21:21 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -247,7 +247,9 @@
any file descriptors "in the way" in the new process, they are closed. A new
umask is supplied for the process, and an optional new uid and gid are also
available. These are used by the queryprogram router to set an unprivileged id.
-The function returns the pid of the new process, or -1 if things go wrong.
+SIGUSR1 is always disabled in the new process, as it is not going to be running
+Exim (the function child_open_exim() is provided for that). This function
+returns the pid of the new process, or -1 if things go wrong.
Arguments:
argv the argv for exec in the new process
@@ -261,7 +263,7 @@
process is placed
wd if not NULL, a path to be handed to chdir() in the new process
make_leader if TRUE, make the new process a process group leader
-
+
Returns: the pid of the created process or -1 if anything has gone wrong
*/
@@ -308,16 +310,11 @@
close(2);
dup2(1, 2);
- /* Set the required environment. If changing uid, ensure that
- SIGUSR1 is ignored, as the process won't have the privilege to
- write to the process log. */
+ /* Set the required environment. */
+ signal(SIGUSR1, SIG_IGN);
if (newgid != NULL && setgid(*newgid) < 0) goto CHILD_FAILED;
- if (newuid != NULL)
- {
- signal(SIGUSR1, SIG_IGN);
- if (setuid(*newuid) < 0) goto CHILD_FAILED;
- }
+ if (newuid != NULL && setuid(*newuid) < 0) goto CHILD_FAILED;
(void)umask(newumask);
/* Set the working directory if required */
@@ -369,9 +366,9 @@
*************************************************/
/* This function is a wrapper for child_open_uid() that doesn't have the uid,
-gid, and working directory changing arguments. It is provided so as to have a
-clean interface for use from local_scan(), but also saves writing NULL
-arguments in other calls.
+gid and working directory changing arguments. The function is provided so as to
+have a clean interface for use from local_scan(), but also saves writing NULL
+arguments several calls that would otherwise use child_open_uid().
Arguments:
argv the argv for exec in the new process