What do people think of this patch? Making it impossible to install
Exim setgid may cause problems for some sites, I fear.
--- exim-doc/doc-txt/ChangeLog 28 Jun 2006 16:00:23 -0000 1.363
+++ exim-doc/doc-txt/ChangeLog 30 Jun 2006 12:07:46 -0000
@@ -56,6 +56,16 @@
bit to forbid control=suppress_local_fixups in the acl_not_smtp
ACL,
because it is too late at that time, and has no effect.
+TF/06 If Exim is erroneously installed set-GID, then on some BSD Unices it
+ will think that its caller is a member of that group. This can make Exim
+ believe that all users are trusted or admin users, if its set-GID group
+ is a trusted or admin group. On BSD-like Unices, membership of group
+ zero (wheel) is required to be able to use su(1), so these users are
+ likely to be trusted and/or admin users, and Exim is likely to be
+ installed with group zero ownership.
+
+ Therefore, Exim now drops group privilege.
+
Exim version 4.62
-----------------
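Review bot: The closing sentence of TF/06, "Therefore, Exim now drops group privilege.", does not say when the privilege is dropped or what that means for an existing install. Suggest stating that the effective GID is reset to the caller's real GID before the caller's group list is read with getgroups(), and that a set-GID bit on the binary therefore no longer has any effect. That way a site that installed Exim set-GID can see the behaviour change from the ChangeLog entry alone.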
--- exim-src/src/exim.c 28 Jun 2006 16:00:24 -0000 1.40
+++ exim-src/src/exim.c 30 Jun 2006 12:07:46 -0000
@@ -3001,9 +3001,27 @@
privilege for a changed configuration file, but later on we might need to
check on the additional groups for the admin user privilege - can't do that
till after reading the config, which might specify the exim gid. Therefore,
-save the group list here first. */
+save the group list here first.
+Note that if Exim is erroneously installed with a setgid bit, the group list
+might include the EGID instead of the caller's group as its first element.
+This can cause Exim to treat all users as trusted or admin! Therefore, we drop
+the group privilege before calling getgroups() to ensure that we aren't
+confused. Note that we can't tell the difference between being setgid on
+"different" BSD systems (see below), and the caller being legitimately in the
+setgid group on other Unices. */
+
+setgid(getgid());
group_count = getgroups(NGROUPS_MAX, group_list);
+
+debug_printf("caller's group list:");
+if (group_count > 0)
+ {
+ int i;
+ for (i = 0; i < group_count; i++) debug_printf(" %d", (int)group_list[i]);
+ }
+else debug_printf(" <none>");
+debug_printf("\n");
/* There is a fundamental difference in some BSD systems in the matter of
groups. FreeBSD and BSDI are known to be different; NetBSD and OpenBSD are
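Review bot: The return value of setgid(getgid()) is ignored, so if the call fails Exim carries on with the set-GID group still effective, and getgroups() can still report that group as the first element of the caller's list, which is exactly the case the new comment warns about. Suggest testing the result and exiting with an error when it is non-zero rather than continuing on to "group_count = getgroups(NGROUPS_MAX, group_list);". The comment could also say explicitly that a failed drop is treated as fatal, since the trusted/admin decision depends on it.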
Tony.
--
<fanf@???> <dot@???>
http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}