[exim-cvs] cvs commit: exim/exim-doc/doc-txt ChangeLog exim…

Author: Philip Hazel
Date:  
To: exim-cvs
Subject: [exim-cvs] cvs commit: exim/exim-doc/doc-txt ChangeLog exim/exim-src/src daemon.c demime.c exim.c functions.h malware.c mime.c spool_mbox.c
ph10 2006/02/22 14:46:44 GMT

  Modified files:
    exim-doc/doc-txt     ChangeLog 
    exim-src/src         daemon.c demime.c exim.c functions.h 
                         malware.c mime.c spool_mbox.c 
  Log:
  Put file-creating fopen() calls in content-scanning code in a wrapper
  that handles the mode.


  Revision  Changes    Path
  1.310     +11 -0     exim/exim-doc/doc-txt/ChangeLog
  1.15      +1 -2      exim/exim-src/src/daemon.c
  1.9       +1 -1      exim/exim-src/src/demime.c
  1.35      +42 -2     exim/exim-src/src/exim.c
  1.22      +1 -0      exim/exim-src/src/functions.h
  1.14      +1 -1      exim/exim-src/src/malware.c
  1.14      +3 -3      exim/exim-src/src/mime.c
  1.11      +1 -1      exim/exim-src/src/spool_mbox.c


  Index: ChangeLog
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
  retrieving revision 1.309
  retrieving revision 1.310
  diff -u -r1.309 -r1.310
  --- ChangeLog    21 Feb 2006 16:24:19 -0000    1.309
  +++ ChangeLog    22 Feb 2006 14:46:44 -0000    1.310
  @@ -1,4 +1,4 @@
  -$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.309 2006/02/21 16:24:19 ph10 Exp $
  +$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.310 2006/02/22 14:46:44 ph10 Exp $


Change log file for Exim from version 4.21
-------------------------------------------
@@ -209,6 +209,17 @@

   PH/41 Added support for the use of login_cap features, on those BSD systems
         that have them, for controlling the resources used by pipe deliveries.
  +
  +PH/42 The content-scanning code uses fopen() to create files in which to put
  +      message data. Previously it was not paying any attention to the mode of
  +      the files. Exim runs with umask(0) because the rest of the code creates
  +      files with open(), and sets the required mode explicitly. Thus, these
  +      files were ending up world-writeable. This was not a big issue, because,
  +      being within the spool directory, they were not world-accessible. I have
  +      created a function called modefopen, which takes an additional mode
  +      argument. It sets umask(777), creates the file, chmods it to the required
  +      mode, then resets the umask. All the relevant calls to fopen() in the
  +      content scanning code have been changed to use this function.



Exim version 4.60

  Index: daemon.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/daemon.c,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- daemon.c    7 Feb 2006 11:19:00 -0000    1.14
  +++ daemon.c    22 Feb 2006 14:46:44 -0000    1.15
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/daemon.c,v 1.14 2006/02/07 11:19:00 ph10 Exp $ */
  +/* $Cambridge: exim/exim-src/src/daemon.c,v 1.15 2006/02/22 14:46:44 ph10 Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -1414,11 +1414,10 @@
     if (pid_file_path[0] == 0)
       pid_file_path = string_sprintf("%s/exim-daemon.pid", spool_directory);


  -  f = Ufopen(pid_file_path, "wb");
  +  f = modefopen(pid_file_path, "wb", 0644);
     if (f != NULL)
       {
       (void)fprintf(f, "%d\n", (int)getpid());
  -    (void)fchmod(fileno(f), 0644);
       (void)fclose(f);
       DEBUG(D_any) debug_printf("pid written to %s\n", pid_file_path);
       }


  Index: demime.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/demime.c,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- demime.c    1 Aug 2005 14:41:25 -0000    1.8
  +++ demime.c    22 Feb 2006 14:46:44 -0000    1.9
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/demime.c,v 1.8 2005/08/01 14:41:25 ph10 Exp $ */
  +/* $Cambridge: exim/exim-src/src/demime.c,v 1.9 2006/02/22 14:46:44 ph10 Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -256,7 +256,7 @@
     }
     while(result != -1);


  -  *f = fopen(CS file_name,"wb+");
  +  *f = modefopen(file_name,"wb+",SPOOL_MODE);
     if (*f == NULL) {
       /* cannot open new dump file, disk full ? -> soft error */
       (void)string_format(info, 1024,"unable to open dump file");
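Review bot: The call `*f = modefopen(file_name,"wb+",SPOOL_MODE);` is still a non-exclusive create that follows a name probe, so the wrapper fixes the file mode but not the gap between the check and the open. The probe is the loop ending `while(result != -1);`; its stat() call is outside this hunk but visible in the second mime.c hunk, which has the same pattern. Because modefopen() is fopen()-based, a file or link that appears at that name in between would be opened, truncated by "wb+" and then fchmod'ed to SPOOL_MODE. The ChangeLog says the spool directory is not world-accessible, which limits exposure, but an exclusive create would close the gap and need no umask juggling: `fd = open(CS file_name, O_RDWR|O_CREAT|O_EXCL, SPOOL_MODE);` then `*f = (fd < 0)? NULL : fdopen(fd, "wb+");`. The enclosing function starts and ends outside the hunk.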


  Index: exim.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/exim.c,v
  retrieving revision 1.34
  retrieving revision 1.35
  diff -u -r1.34 -r1.35
  --- exim.c    21 Feb 2006 16:24:19 -0000    1.34
  +++ exim.c    22 Feb 2006 14:46:44 -0000    1.35
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/exim.c,v 1.34 2006/02/21 16:24:19 ph10 Exp $ */
  +/* $Cambridge: exim/exim-src/src/exim.c,v 1.35 2006/02/22 14:46:44 ph10 Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -376,6 +376,39 @@



   /*************************************************
  +*   Call fopen() with umask 777 and adjust mode  *
  +*************************************************/
  +
  +/* Exim runs with umask(0) so that files created with open() have the mode that
  +is specified in the open() call. However, there are some files, typically in
  +the spool directory, that are created with fopen(). They end up world-writeable
  +if no precautions are taken. Although the spool directory is not accessible to
  +the world, this is an untidiness. So this is a wrapper function for fopen()
  +that sorts out the mode of the created file.
  +
  +Arguments:
  +   filename       the file name
  +   options        the fopen() options
  +   mode           the required mode
  +
  +Returns:          the fopened FILE or NULL
  +*/
  +
  +FILE *
  +modefopen(uschar *filename, char *options, mode_t mode)
  +{
  +FILE *f;
  +umask(0777);
  +f = Ufopen(filename, options);
  +umask(0);
  +if (f != NULL) (void)fchmod(fileno(f), mode);
  +return f;
  +}
  +
  +
  +
  +
  +/*************************************************
   *   Ensure stdin, stdout, and stderr exist       *
   *************************************************/
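Review bot: modefopen() ends with a hard-coded `umask(0);` instead of restoring the mask that was in force on entry, so it is only correct while every caller runs under the process-wide umask(0) set in main(). Capturing the old value keeps the wrapper self-contained: `mode_t saved = umask(0777);` before the Ufopen() call and `(void)umask(saved);` after it. The result of `fchmod()` is also discarded, so on failure the caller gets a usable FILE for a file left at mode 0000. That fails closed for the spool files, but it changes the outcome for the daemon.c pid file, which is meant to be 0644, and deserves a sentence in the header comment. The comment title says "umask 777" while the code uses octal `0777`; writing `0777` in the comment avoids someone copying the decimal form.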


@@ -1440,8 +1473,15 @@
message_id = message_id_external + 1;
message_id[0] = 0;

-/* Set the umask to zero so that any files that Exim creates are created
-with the modes that it specifies. */
+/* Set the umask to zero so that any files that Exim creates using open() are
+created with the modes that it specifies. NOTE: Files created with fopen() have
+a problem, which was not recognized till rather late (February 2006). With this
+umask, such files will be world writeable. (They are all content scanning files
+in the spool directory, which isn't world-accessible, so this is not a
+disaster, but it's untidy.) I don't want to change this overall setting,
+however, because it will interact badly with the open() calls. Instead, there's
+now a function called modefopen() that fiddles with the umask while calling
+fopen(). */

umask(0);


  Index: functions.h
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/functions.h,v
  retrieving revision 1.21
  retrieving revision 1.22
  diff -u -r1.21 -r1.22
  --- functions.h    7 Feb 2006 11:19:00 -0000    1.21
  +++ functions.h    22 Feb 2006 14:46:44 -0000    1.22
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/functions.h,v 1.21 2006/02/07 11:19:00 ph10 Exp $ */
  +/* $Cambridge: exim/exim-src/src/functions.h,v 1.22 2006/02/22 14:46:44 ph10 Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -166,6 +166,7 @@
   extern void    moan_tell_someone(uschar *, address_item *, uschar *, char *,
                    ...);
   extern BOOL    moan_to_sender(int, error_block *, header_line *, FILE *, BOOL);
  +extern FILE   *modefopen(uschar *, char *, mode_t);


   extern uschar *parse_extract_address(uschar *, uschar **, int *, int *, int *,
                    BOOL);


  Index: malware.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/malware.c,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- malware.c    2 Aug 2005 18:24:14 -0000    1.13
  +++ malware.c    22 Feb 2006 14:46:44 -0000    1.14
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/malware.c,v 1.13 2005/08/02 18:24:14 tom Exp $ */
  +/* $Cambridge: exim/exim-src/src/malware.c,v 1.14 2006/02/22 14:46:44 ph10 Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -873,7 +873,7 @@
         };


         (void)string_format(file_name,1024,"%s/scan/%s/%s_scanner_output", spool_directory, message_id, message_id);
  -      scanner_record = fopen(CS file_name,"wb");
  +      scanner_record = modefopen(file_name,"wb",SPOOL_MODE);


         if (scanner_record == NULL) {
           log_write(0, LOG_MAIN|LOG_PANIC,


  Index: mime.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/mime.c,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- mime.c    15 Nov 2005 10:08:25 -0000    1.13
  +++ mime.c    22 Feb 2006 14:46:44 -0000    1.14
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/mime.c,v 1.13 2005/11/15 10:08:25 ph10 Exp $ */
  +/* $Cambridge: exim/exim-src/src/mime.c,v 1.14 2006/02/22 14:46:44 ph10 Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -241,10 +241,10 @@


     if ((pname != NULL) && (fname != NULL)) {
       (void)string_format(filename, 2048, "%s/%s", pname, fname);
  -    f = fopen(CS filename,"wb+");
  +    f = modefopen(filename,"wb+",SPOOL_MODE);
     }
     else if (pname == NULL) {
  -    f = fopen(CS fname,"wb+");
  +    f = modefopen(fname,"wb+",SPOOL_MODE);
     }
     else if (fname == NULL) {
       int file_nr = 0;
  @@ -261,7 +261,7 @@
         result = stat(CS filename,&mystat);
       }
       while(result != -1);
  -    f = fopen(CS filename,"wb+");
  +    f = modefopen(filename,"wb+",SPOOL_MODE);
     };


     /* set expansion variable */


  Index: spool_mbox.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/spool_mbox.c,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- spool_mbox.c    1 Aug 2005 14:41:25 -0000    1.10
  +++ spool_mbox.c    22 Feb 2006 14:46:44 -0000    1.11
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/spool_mbox.c,v 1.10 2005/08/01 14:41:25 ph10 Exp $ */
  +/* $Cambridge: exim/exim-src/src/spool_mbox.c,v 1.11 2006/02/22 14:46:44 ph10 Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -56,7 +56,7 @@


       /* open [message_id].eml file for writing */
       (void)string_format(mbox_path, 1024, "%s/scan/%s/%s.eml", spool_directory, message_id, message_id);
  -    mbox_file = Ufopen(mbox_path,"wb");
  +    mbox_file = modefopen(mbox_path,"wb",SPOOL_MODE);


       if (mbox_file == NULL) {
         debug_printf("unable to open file for writing: %s\n", mbox_path);