pdp 2010/06/05 11:04:44 BST
Modified files:
exim-doc/doc-docbook spec.xfpt
exim-doc/doc-txt ChangeLog NewStuff
exim-src/src deliver.c
exim-src/src/transports pipe.c pipe.h
Log:
Add permit_coredump pipe transport option. Fixes: #834
Revision Changes Path
1.76 +11 -0 exim/exim-doc/doc-docbook/spec.xfpt
1.618 +4 -0 exim/exim-doc/doc-txt/ChangeLog
1.167 +6 -0 exim/exim-doc/doc-txt/NewStuff
1.48 +14 -1 exim/exim-src/src/deliver.c
1.15 +22 -1 exim/exim-src/src/transports/pipe.c
1.8 +1 -0 exim/exim-src/src/transports/pipe.h
Index: spec.xfpt
===================================================================
RCS file: /home/cvs/exim/exim-doc/doc-docbook/spec.xfpt,v
retrieving revision 1.75
retrieving revision 1.76
diff -u -r1.75 -r1.76
--- spec.xfpt 5 Jun 2010 09:10:08 -0000 1.75
+++ spec.xfpt 5 Jun 2010 10:04:43 -0000 1.76
@@ -1,4 +1,4 @@
-. $Cambridge: exim/exim-doc/doc-docbook/spec.xfpt,v 1.75 2010/06/05 09:10:08 pdp Exp $
+. $Cambridge: exim/exim-doc/doc-docbook/spec.xfpt,v 1.76 2010/06/05 10:04:43 pdp Exp $
.
. /////////////////////////////////////////////////////////////////////////////
. This is the primary source of the Exim Manual. It is an xfpt document that is
@@ -21075,6 +21075,17 @@
apply to a command specified as a transport filter.
+.option permit_coredump pipe boolean false
+Normally Exim inhibits core-dumps during delivery. If you have a need to get
+a core-dump of a pipe command, enable this command. This enables core-dumps
+during delivery and affects both the Exim binary and the pipe command run.
+It is recommended that this option remain off unless and until you have a need
+for it and that this only be enabled when needed, as the risk of excessive
+resource consumption can be quite high. Note also that Exim is typically
+installed as a setuid binary and most operating systems will inhibit coredumps
+of these by default, so further OS-specific action may be required.
+
+
.option pipe_as_creator pipe boolean false
.cindex "uid (user id)" "local delivery"
If the generic &%user%& option is not set and this option is true, the delivery
Index: ChangeLog
===================================================================
RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
retrieving revision 1.617
retrieving revision 1.618
diff -u -r1.617 -r1.618
--- ChangeLog 5 Jun 2010 09:10:09 -0000 1.617
+++ ChangeLog 5 Jun 2010 10:04:43 -0000 1.618
@@ -1,4 +1,4 @@
-$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.617 2010/06/05 09:10:09 pdp Exp $
+$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.618 2010/06/05 10:04:43 pdp Exp $
Change log file for Exim from version 4.21
-------------------------------------------
@@ -16,6 +16,10 @@
PP/03 Bugzilla 994: added openssl_options main configuration option.
+PP/04 Bugzilla 995: provide better SSL diagnostics on failed reads.
+
+PP/05 Bugzilla 834: provide a permit_codedump option for pipe transports.
+
Exim version 4.72
-----------------
Index: NewStuff
===================================================================
RCS file: /home/cvs/exim/exim-doc/doc-txt/NewStuff,v
retrieving revision 1.166
retrieving revision 1.167
diff -u -r1.166 -r1.167
--- NewStuff 5 Jun 2010 09:10:09 -0000 1.166
+++ NewStuff 5 Jun 2010 10:04:43 -0000 1.167
@@ -1,4 +1,4 @@
-$Cambridge: exim/exim-doc/doc-txt/NewStuff,v 1.166 2010/06/05 09:10:09 pdp Exp $
+$Cambridge: exim/exim-doc/doc-txt/NewStuff,v 1.167 2010/06/05 10:04:43 pdp Exp $
New Features in Exim
--------------------
@@ -20,6 +20,12 @@
consequences for certain options, so these should not be changed
frivolously.
+ 2. A new pipe transport option, "permit_coredumps", may help with problem
+ diagnosis in some scenarios. Note that Exim is typically installed as
+ a setuid binary, which on most OSes will inhibit coredumps by default,
+ so that safety mechanism would have to be overriden for this option to
+ be able to take effect.
+
Version 4.72
------------
Index: deliver.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/deliver.c,v
retrieving revision 1.47
retrieving revision 1.48
diff -u -r1.47 -r1.48
--- deliver.c 16 Nov 2009 19:50:36 -0000 1.47
+++ deliver.c 5 Jun 2010 10:04:44 -0000 1.48
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/deliver.c,v 1.47 2009/11/16 19:50:36 nm4 Exp $ */
+/* $Cambridge: exim/exim-src/src/deliver.c,v 1.48 2010/06/05 10:04:44 pdp Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -1727,7 +1727,20 @@
HP-UX doesn't have RLIMIT_CORE; I don't know how to do this in that
system. Some experimental/developing systems (e.g. GNU/Hurd) may define
RLIMIT_CORE but not support it in setrlimit(). For such systems, do not
- complain if the error is "not supported". */
+ complain if the error is "not supported".
+
+ There are two scenarios where changing the max limit has an effect. In one,
+ the user is using a .forward and invoking a command of their choice via pipe;
+ for these, we do need the max limit to be 0 unless the admin chooses to
+ permit an increased limit. In the other, the command is invoked directly by
+ the transport and is under administrator control, thus being able to raise
+ the limit aids in debugging. So there's no general always-right answer.
+
+ Thus we inhibit core-dumps completely but let individual transports, while
+ still root, re-raise the limits back up to aid debugging. We make the
+ default be no core-dumps -- few enough people can use core dumps in
+ diagnosis that it's reasonable to make them something that has to be explicitly requested.
+ */
#ifdef RLIMIT_CORE
struct rlimit rl;
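Review bot: The added comment separates user `.forward` pipes from administrator-controlled commands, but the mechanism it describes is per transport rather than per origin of the command, and the comment does not say so. From what is visible here, a pipe transport that also handles commands taken from users' `.forward` files would get the raised limit for those commands too once the option is set on it. I would name the option and state that scope in the comment, e.g. `The pipe transport's permit_coredump option re-raises the limit for every delivery through that transport, so it should be set only on transports whose commands the administrator controls.` The code that applies the zero limit starts below this hunk and is not shown.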
Index: pipe.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/transports/pipe.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- pipe.c 16 Nov 2009 19:50:39 -0000 1.14
+++ pipe.c 5 Jun 2010 10:04:44 -0000 1.15
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/transports/pipe.c,v 1.14 2009/11/16 19:50:39 nm4 Exp $ */
+/* $Cambridge: exim/exim-src/src/transports/pipe.c,v 1.15 2010/06/05 10:04:44 pdp Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -57,6 +57,8 @@
(void *)offsetof(pipe_transport_options_block, message_suffix) },
{ "path", opt_stringptr,
(void *)offsetof(pipe_transport_options_block, path) },
+ { "permit_coredump", opt_bool,
+ (void *)offsetof(pipe_transport_options_block, permit_coredump) },
{ "pipe_as_creator", opt_bool | opt_public,
(void *)offsetof(transport_instance, deliver_as_creator) },
{ "restrict_to_path", opt_bool,
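Review bot: The option is registered here as `permit_coredump`, but the ChangeLog entry in this commit calls it `permit_codedump` and NewStuff calls it `"permit_coredumps"`. A reader who copies either spelling into a configuration gets an unknown-option error instead of the documented behaviour. The two text files should use the spelling in this table, which is also the one in spec.xfpt. The new entry sits between `path` and `pipe_as_creator`, so the table's alphabetical order is kept.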
@@ -110,6 +112,7 @@
0, /* options */
FALSE, /* freeze_exec_fail */
FALSE, /* ignore_status */
+ FALSE, /* permit_coredump */
FALSE, /* restrict_to_path */
FALSE, /* timeout_defer */
FALSE, /* use_shell */
@@ -127,7 +130,7 @@
/* Called for each delivery in the privileged state, just before the uid/gid
are changed and the main entry point is called. In a system that supports the
login_cap facilities, this function is used to set the class resource limits
-for the user.
+for the user. It may also re-enable coredumps.
Arguments:
tblock points to the transport instance
@@ -170,6 +173,24 @@
}
#endif
+#ifdef RLIMIT_CORE
+if (ob->permit_coredump)
+ {
+ struct rlimit rl;
+ rl.rlim_cur = RLIM_INFINITY;
+ rl.rlim_max = RLIM_INFINITY;
+ if (setrlimit(RLIMIT_CORE, &rl) < 0)
+ {
+#ifdef SETRLIMIT_NOT_SUPPORTED
+ if (errno != ENOSYS && errno != ENOTSUP)
+#endif
+ log_write(0, LOG_MAIN,
+ "delivery setrlimit(RLIMIT_CORE, RLIMI_INFINITY) failed: %s",
+ strerror(errno));
+ }
+ }
+#endif
+
return OK;
}
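Review bot: The new block sets both the soft and the hard core limit to `RLIM_INFINITY`, and it runs after the login_cap section that ends at the `#endif` context line. Any core-size limit that section applied for the user's class therefore looks to be overwritten (inferred, since that section and the start of the function are outside the hunk). The delivery process and the command it runs are then unbounded in core size, which is the resource-consumption risk the manual text warns about. A comment on the block should state it, e.g. `/* Deliberately overrides any class limit set above: core size is unlimited for this delivery and its command. */`. Separately, the log string misspells the constant and should read `"delivery setrlimit(RLIMIT_CORE, RLIM_INFINITY) failed: %s"`, so that a search of the logs for the real name finds it.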
Index: pipe.h
===================================================================
RCS file: /home/cvs/exim/exim-src/src/transports/pipe.h,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- pipe.h 16 Nov 2009 19:56:54 -0000 1.7
+++ pipe.h 5 Jun 2010 10:04:44 -0000 1.8
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/transports/pipe.h,v 1.7 2009/11/16 19:56:54 nm4 Exp $ */
+/* $Cambridge: exim/exim-src/src/transports/pipe.h,v 1.8 2010/06/05 10:04:44 pdp Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -25,6 +25,7 @@
int options;
BOOL freeze_exec_fail;
BOOL ignore_status;
+ BOOL permit_coredump;
BOOL restrict_to_path;
BOOL timeout_defer;
BOOL use_shell;