ph10 2006/02/22 14:46:44 GMT
Modified files:
exim-doc/doc-txt ChangeLog
exim-src/src daemon.c demime.c exim.c functions.h
malware.c mime.c spool_mbox.c
Log:
Put file-creating fopen() calls in content-scanning code in a wrapper
that handles the mode.
Revision Changes Path
1.310 +11 -0 exim/exim-doc/doc-txt/ChangeLog
1.15 +1 -2 exim/exim-src/src/daemon.c
1.9 +1 -1 exim/exim-src/src/demime.c
1.35 +42 -2 exim/exim-src/src/exim.c
1.22 +1 -0 exim/exim-src/src/functions.h
1.14 +1 -1 exim/exim-src/src/malware.c
1.14 +3 -3 exim/exim-src/src/mime.c
1.11 +1 -1 exim/exim-src/src/spool_mbox.c
Index: ChangeLog
===================================================================
RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
retrieving revision 1.309
retrieving revision 1.310
diff -u -r1.309 -r1.310
--- ChangeLog 21 Feb 2006 16:24:19 -0000 1.309
+++ ChangeLog 22 Feb 2006 14:46:44 -0000 1.310
@@ -1,4 +1,4 @@
-$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.309 2006/02/21 16:24:19 ph10 Exp $
+$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.310 2006/02/22 14:46:44 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
@@ -209,6 +209,17 @@
PH/41 Added support for the use of login_cap features, on those BSD systems
that have them, for controlling the resources used by pipe deliveries.
+
+PH/42 The content-scanning code uses fopen() to create files in which to put
+ message data. Previously it was not paying any attention to the mode of
+ the files. Exim runs with umask(0) because the rest of the code creates
+ files with open(), and sets the required mode explicitly. Thus, these
+ files were ending up world-writeable. This was not a big issue, because,
+ being within the spool directory, they were not world-accessible. I have
+ created a function called modefopen, which takes an additional mode
+ argument. It sets umask(777), creates the file, chmods it to the required
+ mode, then resets the umask. All the relevant calls to fopen() in the
+ content scanning code have been changed to use this function.
Exim version 4.60
Index: daemon.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/daemon.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- daemon.c 7 Feb 2006 11:19:00 -0000 1.14
+++ daemon.c 22 Feb 2006 14:46:44 -0000 1.15
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/daemon.c,v 1.14 2006/02/07 11:19:00 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/daemon.c,v 1.15 2006/02/22 14:46:44 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -1414,11 +1414,10 @@
if (pid_file_path[0] == 0)
pid_file_path = string_sprintf("%s/exim-daemon.pid", spool_directory);
- f = Ufopen(pid_file_path, "wb");
+ f = modefopen(pid_file_path, "wb", 0644);
if (f != NULL)
{
(void)fprintf(f, "%d\n", (int)getpid());
- (void)fchmod(fileno(f), 0644);
(void)fclose(f);
DEBUG(D_any) debug_printf("pid written to %s\n", pid_file_path);
}
Index: demime.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/demime.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- demime.c 1 Aug 2005 14:41:25 -0000 1.8
+++ demime.c 22 Feb 2006 14:46:44 -0000 1.9
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/demime.c,v 1.8 2005/08/01 14:41:25 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/demime.c,v 1.9 2006/02/22 14:46:44 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -256,7 +256,7 @@
}
while(result != -1);
- *f = fopen(CS file_name,"wb+");
+ *f = modefopen(file_name,"wb+",SPOOL_MODE);
if (*f == NULL) {
/* cannot open new dump file, disk full ? -> soft error */
(void)string_format(info, 1024,"unable to open dump file");
Index: exim.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/exim.c,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- exim.c 21 Feb 2006 16:24:19 -0000 1.34
+++ exim.c 22 Feb 2006 14:46:44 -0000 1.35
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/exim.c,v 1.34 2006/02/21 16:24:19 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/exim.c,v 1.35 2006/02/22 14:46:44 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -376,6 +376,39 @@
/*************************************************
+* Call fopen() with umask 777 and adjust mode *
+*************************************************/
+
+/* Exim runs with umask(0) so that files created with open() have the mode that
+is specified in the open() call. However, there are some files, typically in
+the spool directory, that are created with fopen(). They end up world-writeable
+if no precautions are taken. Although the spool directory is not accessible to
+the world, this is an untidiness. So this is a wrapper function for fopen()
+that sorts out the mode of the created file.
+
+Arguments:
+ filename the file name
+ options the fopen() options
+ mode the required mode
+
+Returns: the fopened FILE or NULL
+*/
+
+FILE *
+modefopen(uschar *filename, char *options, mode_t mode)
+{
+FILE *f;
+umask(0777);
+f = Ufopen(filename, options);
+umask(0);
+if (f != NULL) (void)fchmod(fileno(f), mode);
+return f;
+}
+
+
+
+
+/*************************************************
* Ensure stdin, stdout, and stderr exist *
*************************************************/
@@ -1440,8 +1473,15 @@
message_id = message_id_external + 1;
message_id[0] = 0;
-/* Set the umask to zero so that any files that Exim creates are created
-with the modes that it specifies. */
+/* Set the umask to zero so that any files that Exim creates using open() are
+created with the modes that it specifies. NOTE: Files created with fopen() have
+a problem, which was not recognized till rather late (February 2006). With this
+umask, such files will be world writeable. (They are all content scanning files
+in the spool directory, which isn't world-accessible, so this is not a
+disaster, but it's untidy.) I don't want to change this overall setting,
+however, because it will interact badly with the open() calls. Instead, there's
+now a function called modefopen() that fiddles with the umask while calling
+fopen(). */
umask(0);
Index: functions.h
===================================================================
RCS file: /home/cvs/exim/exim-src/src/functions.h,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- functions.h 7 Feb 2006 11:19:00 -0000 1.21
+++ functions.h 22 Feb 2006 14:46:44 -0000 1.22
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/functions.h,v 1.21 2006/02/07 11:19:00 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/functions.h,v 1.22 2006/02/22 14:46:44 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -166,6 +166,7 @@
extern void moan_tell_someone(uschar *, address_item *, uschar *, char *,
...);
extern BOOL moan_to_sender(int, error_block *, header_line *, FILE *, BOOL);
+extern FILE *modefopen(uschar *, char *, mode_t);
extern uschar *parse_extract_address(uschar *, uschar **, int *, int *, int *,
BOOL);
Index: malware.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/malware.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- malware.c 2 Aug 2005 18:24:14 -0000 1.13
+++ malware.c 22 Feb 2006 14:46:44 -0000 1.14
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/malware.c,v 1.13 2005/08/02 18:24:14 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/malware.c,v 1.14 2006/02/22 14:46:44 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -873,7 +873,7 @@
};
(void)string_format(file_name,1024,"%s/scan/%s/%s_scanner_output", spool_directory, message_id, message_id);
- scanner_record = fopen(CS file_name,"wb");
+ scanner_record = modefopen(file_name,"wb",SPOOL_MODE);
if (scanner_record == NULL) {
log_write(0, LOG_MAIN|LOG_PANIC,
Index: mime.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/mime.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- mime.c 15 Nov 2005 10:08:25 -0000 1.13
+++ mime.c 22 Feb 2006 14:46:44 -0000 1.14
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/mime.c,v 1.13 2005/11/15 10:08:25 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/mime.c,v 1.14 2006/02/22 14:46:44 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -241,10 +241,10 @@
if ((pname != NULL) && (fname != NULL)) {
(void)string_format(filename, 2048, "%s/%s", pname, fname);
- f = fopen(CS filename,"wb+");
+ f = modefopen(filename,"wb+",SPOOL_MODE);
}
else if (pname == NULL) {
- f = fopen(CS fname,"wb+");
+ f = modefopen(fname,"wb+",SPOOL_MODE);
}
else if (fname == NULL) {
int file_nr = 0;
@@ -261,7 +261,7 @@
result = stat(CS filename,&mystat);
}
while(result != -1);
- f = fopen(CS filename,"wb+");
+ f = modefopen(filename,"wb+",SPOOL_MODE);
};
/* set expansion variable */
Index: spool_mbox.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/spool_mbox.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- spool_mbox.c 1 Aug 2005 14:41:25 -0000 1.10
+++ spool_mbox.c 22 Feb 2006 14:46:44 -0000 1.11
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/spool_mbox.c,v 1.10 2005/08/01 14:41:25 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/spool_mbox.c,v 1.11 2006/02/22 14:46:44 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -56,7 +56,7 @@
/* open [message_id].eml file for writing */
(void)string_format(mbox_path, 1024, "%s/scan/%s/%s.eml", spool_directory, message_id, message_id);
- mbox_file = Ufopen(mbox_path,"wb");
+ mbox_file = modefopen(mbox_path,"wb",SPOOL_MODE);
if (mbox_file == NULL) {
debug_printf("unable to open file for writing: %s\n", mbox_path);