Hi,
this is in response to Debian BTS item #280282
(
http://bugs.debian.org/280282), filed in exim bugzilla as #70.
The issue in question shows that some part in exim's content scanner
invokes fopen() after explicitly setting umask(0), so that the file
created ends up in the file system with 666 permission.
A cursory inspection of exim's code shows up other places where
fopen() is used with umask 0, and there are even places where
fopen()/fchmod() is used, introducing possible race conditions.
Is there a background to be considered why it was chosen to do things
this way, should exim generally run with a more restrictive umask
(only to be relaxed when it's really needed), or should a fopen()
wrapper be used? Or am I misled in seeing a possible issue here?
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
