[exim-cvs] cvs commit: exim/exim-doc/doc-docbook spec.xfpt …

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: exim-cvs
Subject: [exim-cvs] cvs commit: exim/exim-doc/doc-docbook spec.xfpt exim/exim-doc/doc-txt ChangeLog NewStuff exim/exim-src/src deliver.c exim/exim-src/src/transports pipe.c pipe.h
pdp 2010/06/05 11:04:44 BST

  Modified files:
    exim-doc/doc-docbook spec.xfpt 
    exim-doc/doc-txt     ChangeLog NewStuff 
    exim-src/src         deliver.c 
    exim-src/src/transports pipe.c pipe.h 
  Log:
  Add permit_coredump pipe transport option.  Fixes: #834


  Revision  Changes    Path
  1.76      +11 -0     exim/exim-doc/doc-docbook/spec.xfpt
  1.618     +4 -0      exim/exim-doc/doc-txt/ChangeLog
  1.167     +6 -0      exim/exim-doc/doc-txt/NewStuff
  1.48      +14 -1     exim/exim-src/src/deliver.c
  1.15      +22 -1     exim/exim-src/src/transports/pipe.c
  1.8       +1 -0      exim/exim-src/src/transports/pipe.h


  Index: spec.xfpt
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-docbook/spec.xfpt,v
  retrieving revision 1.75
  retrieving revision 1.76
  diff -u -r1.75 -r1.76
  --- spec.xfpt    5 Jun 2010 09:10:08 -0000    1.75
  +++ spec.xfpt    5 Jun 2010 10:04:43 -0000    1.76
  @@ -1,4 +1,4 @@
  -. $Cambridge: exim/exim-doc/doc-docbook/spec.xfpt,v 1.75 2010/06/05 09:10:08 pdp Exp $
  +. $Cambridge: exim/exim-doc/doc-docbook/spec.xfpt,v 1.76 2010/06/05 10:04:43 pdp Exp $
   .
   . /////////////////////////////////////////////////////////////////////////////
   . This is the primary source of the Exim Manual. It is an xfpt document that is
  @@ -21075,6 +21075,17 @@
   apply to a command specified as a transport filter.



+.option permit_coredump pipe boolean false
+Normally Exim inhibits core-dumps during delivery. If you have a need to get
+a core-dump of a pipe command, enable this command. This enables core-dumps
+during delivery and affects both the Exim binary and the pipe command run.
+It is recommended that this option remain off unless and until you have a need
+for it and that this only be enabled when needed, as the risk of excessive
+resource consumption can be quite high. Note also that Exim is typically
+installed as a setuid binary and most operating systems will inhibit coredumps
+of these by default, so further OS-specific action may be required.
+
+
.option pipe_as_creator pipe boolean false
.cindex "uid (user id)" "local delivery"
If the generic &%user%& option is not set and this option is true, the delivery

  Index: ChangeLog
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
  retrieving revision 1.617
  retrieving revision 1.618
  diff -u -r1.617 -r1.618
  --- ChangeLog    5 Jun 2010 09:10:09 -0000    1.617
  +++ ChangeLog    5 Jun 2010 10:04:43 -0000    1.618
  @@ -1,4 +1,4 @@
  -$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.617 2010/06/05 09:10:09 pdp Exp $
  +$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.618 2010/06/05 10:04:43 pdp Exp $


Change log file for Exim from version 4.21
-------------------------------------------
@@ -16,6 +16,10 @@

PP/03 Bugzilla 994: added openssl_options main configuration option.

+PP/04 Bugzilla 995: provide better SSL diagnostics on failed reads.
+
+PP/05 Bugzilla 834: provide a permit_codedump option for pipe transports.
+
Exim version 4.72
-----------------


  Index: NewStuff
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-txt/NewStuff,v
  retrieving revision 1.166
  retrieving revision 1.167
  diff -u -r1.166 -r1.167
  --- NewStuff    5 Jun 2010 09:10:09 -0000    1.166
  +++ NewStuff    5 Jun 2010 10:04:43 -0000    1.167
  @@ -1,4 +1,4 @@
  -$Cambridge: exim/exim-doc/doc-txt/NewStuff,v 1.166 2010/06/05 09:10:09 pdp Exp $
  +$Cambridge: exim/exim-doc/doc-txt/NewStuff,v 1.167 2010/06/05 10:04:43 pdp Exp $


   New Features in Exim
   --------------------
  @@ -20,6 +20,12 @@
       consequences for certain options, so these should not be changed
       frivolously.


  + 2. A new pipe transport option, "permit_coredumps", may help with problem
  +    diagnosis in some scenarios.  Note that Exim is typically installed as
  +    a setuid binary, which on most OSes will inhibit coredumps by default,
  +    so that safety mechanism would have to be overriden for this option to
  +    be able to take effect.
  +


Version 4.72
------------

  Index: deliver.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/deliver.c,v
  retrieving revision 1.47
  retrieving revision 1.48
  diff -u -r1.47 -r1.48
  --- deliver.c    16 Nov 2009 19:50:36 -0000    1.47
  +++ deliver.c    5 Jun 2010 10:04:44 -0000    1.48
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/deliver.c,v 1.47 2009/11/16 19:50:36 nm4 Exp $ */
  +/* $Cambridge: exim/exim-src/src/deliver.c,v 1.48 2010/06/05 10:04:44 pdp Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -1727,7 +1727,20 @@
     HP-UX doesn't have RLIMIT_CORE; I don't know how to do this in that
     system. Some experimental/developing systems (e.g. GNU/Hurd) may define
     RLIMIT_CORE but not support it in setrlimit(). For such systems, do not
  -  complain if the error is "not supported". */
  +  complain if the error is "not supported".
  +
  +  There are two scenarios where changing the max limit has an effect.  In one,
  +  the user is using a .forward and invoking a command of their choice via pipe;
  +  for these, we do need the max limit to be 0 unless the admin chooses to
  +  permit an increased limit.  In the other, the command is invoked directly by
  +  the transport and is under administrator control, thus being able to raise
  +  the limit aids in debugging.  So there's no general always-right answer.
  +
  +  Thus we inhibit core-dumps completely but let individual transports, while
  +  still root, re-raise the limits back up to aid debugging.  We make the
  +  default be no core-dumps -- few enough people can use core dumps in
  +  diagnosis that it's reasonable to make them something that has to be explicitly requested.
  +  */


     #ifdef RLIMIT_CORE
     struct rlimit rl;


  Index: pipe.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/transports/pipe.c,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- pipe.c    16 Nov 2009 19:50:39 -0000    1.14
  +++ pipe.c    5 Jun 2010 10:04:44 -0000    1.15
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/transports/pipe.c,v 1.14 2009/11/16 19:50:39 nm4 Exp $ */
  +/* $Cambridge: exim/exim-src/src/transports/pipe.c,v 1.15 2010/06/05 10:04:44 pdp Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -57,6 +57,8 @@
         (void *)offsetof(pipe_transport_options_block, message_suffix) },
     { "path",              opt_stringptr,
         (void *)offsetof(pipe_transport_options_block, path) },
  +  { "permit_coredump",   opt_bool,
  +      (void *)offsetof(pipe_transport_options_block, permit_coredump) },
     { "pipe_as_creator",   opt_bool | opt_public,
         (void *)offsetof(transport_instance, deliver_as_creator) },
     { "restrict_to_path",  opt_bool,
  @@ -110,6 +112,7 @@
     0,              /* options */
     FALSE,          /* freeze_exec_fail */
     FALSE,          /* ignore_status */
  +  FALSE,          /* permit_coredump */
     FALSE,          /* restrict_to_path */
     FALSE,          /* timeout_defer */
     FALSE,          /* use_shell */
  @@ -127,7 +130,7 @@
   /* Called for each delivery in the privileged state, just before the uid/gid
   are changed and the main entry point is called. In a system that supports the
   login_cap facilities, this function is used to set the class resource limits
  -for the user.
  +for the user.  It may also re-enable coredumps.


   Arguments:
     tblock     points to the transport instance
  @@ -170,6 +173,24 @@
     }
   #endif


  +#ifdef RLIMIT_CORE
  +if (ob->permit_coredump)
  +  {
  +  struct rlimit rl;
  +  rl.rlim_cur = RLIM_INFINITY;
  +  rl.rlim_max = RLIM_INFINITY;
  +  if (setrlimit(RLIMIT_CORE, &rl) < 0)
  +    {
  +#ifdef SETRLIMIT_NOT_SUPPORTED
  +    if (errno != ENOSYS && errno != ENOTSUP)
  +#endif
  +      log_write(0, LOG_MAIN,
  +          "delivery setrlimit(RLIMIT_CORE, RLIMI_INFINITY) failed: %s",
  +          strerror(errno));
  +    }
  +  }
  +#endif
  +
   return OK;
   }



  Index: pipe.h
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/transports/pipe.h,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- pipe.h    16 Nov 2009 19:56:54 -0000    1.7
  +++ pipe.h    5 Jun 2010 10:04:44 -0000    1.8
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/transports/pipe.h,v 1.7 2009/11/16 19:56:54 nm4 Exp $ */
  +/* $Cambridge: exim/exim-src/src/transports/pipe.h,v 1.8 2010/06/05 10:04:44 pdp Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -25,6 +25,7 @@
     int   options;
     BOOL  freeze_exec_fail;
     BOOL  ignore_status;
  +  BOOL  permit_coredump;
     BOOL  restrict_to_path;
     BOOL  timeout_defer;
     BOOL  use_shell;