[exim-cvs] cvs commit: exim/exim-doc/doc-txt ChangeLog NewSt…

Pàgina inicial
Delete this message
Reply to this message
Autor: Phil Pennock
Data:  
A: exim-cvs
Assumpte: [exim-cvs] cvs commit: exim/exim-doc/doc-txt ChangeLog NewStuff exim/exim-src/src EDITME buildconfig.c exim.c
pdp 2010/06/06 03:46:13 BST

  Modified files:
    exim-doc/doc-txt     ChangeLog NewStuff 
    exim-src/src         EDITME buildconfig.c exim.c 
  Log:
  No longer permit the exim user to be root.  Fixes: #752


  Revision  Changes    Path
  1.626     +2 -0      exim/exim-doc/doc-txt/ChangeLog
  1.172     +12 -0     exim/exim-doc/doc-txt/NewStuff
  1.26      +1 -2      exim/exim-src/src/EDITME
  1.16      +14 -0     exim/exim-src/src/buildconfig.c
  1.69      +6 -0      exim/exim-src/src/exim.c


  Index: ChangeLog
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
  retrieving revision 1.625
  retrieving revision 1.626
  diff -u -r1.625 -r1.626
  --- ChangeLog    6 Jun 2010 02:08:50 -0000    1.625
  +++ ChangeLog    6 Jun 2010 02:46:13 -0000    1.626
  @@ -1,4 +1,4 @@
  -$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.625 2010/06/06 02:08:50 pdp Exp $
  +$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.626 2010/06/06 02:46:13 pdp Exp $


Change log file for Exim from version 4.21
-------------------------------------------
@@ -40,6 +40,8 @@

PP/12 Bugzilla 973: Implement --version.

+PP/13 Bugzilla 752: Refuse to build/run if Exim user is root/0.
+

Exim version 4.72
-----------------

  Index: NewStuff
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-txt/NewStuff,v
  retrieving revision 1.171
  retrieving revision 1.172
  diff -u -r1.171 -r1.172
  --- NewStuff    6 Jun 2010 01:35:41 -0000    1.171
  +++ NewStuff    6 Jun 2010 02:46:13 -0000    1.172
  @@ -1,4 +1,4 @@
  -$Cambridge: exim/exim-doc/doc-txt/NewStuff,v 1.171 2010/06/06 01:35:41 pdp Exp $
  +$Cambridge: exim/exim-doc/doc-txt/NewStuff,v 1.172 2010/06/06 02:46:13 pdp Exp $


   New Features in Exim
   --------------------
  @@ -63,6 +63,18 @@
         control = debug/opts=+expand+acl
         control = debug/tag=.$message_exim_id/opts=+expand


  + 7. It has always been implicit in the design and the documentation that
  +    "the Exim user" is not root.  src/EDITME said that using root was
  +    "very strongly discouraged".  This is not enough to keep people from
  +    shooting themselves in the foot in days when many don't configure Exim
  +    themselves but via package build managers.  The security consequences of
  +    running various bits of network code are severe if there should be bugs in
  +    them.  As such, the Exim user may no longer be root.  If configured
  +    statically, Exim will refuse to build.  If configured as ref:user then Exim
  +    will exit shortly after start-up.  If you must shoot yourself in the foot,
  +    then henceforth you will have to maintain your own local patches to strip
  +    the safeties off.
  +


Version 4.72
------------

  Index: EDITME
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/EDITME,v
  retrieving revision 1.25
  retrieving revision 1.26
  diff -u -r1.25 -r1.26
  --- EDITME    5 Jun 2010 11:13:29 -0000    1.25
  +++ EDITME    6 Jun 2010 02:46:13 -0000    1.26
  @@ -1,4 +1,4 @@
  -# $Cambridge: exim/exim-src/src/EDITME,v 1.25 2010/06/05 11:13:29 pdp Exp $
  +# $Cambridge: exim/exim-src/src/EDITME,v 1.26 2010/06/06 02:46:13 pdp Exp $


   ##################################################
   #          The Exim mail transport agent         #
  @@ -131,8 +131,7 @@
   # group that is used for Exim processes when they no longer need to be root. In
   # particular, this applies when receiving messages and when doing remote
   # deliveries. (Local deliveries run as various non-root users, typically as the
  -# owner of a local mailbox.) Specifying these values as root is very strongly
  -# discouraged.
  +# owner of a local mailbox.) Specifying these values as root is not supported.


EXIM_USER=


  Index: buildconfig.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/buildconfig.c,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- buildconfig.c    16 Nov 2009 19:50:36 -0000    1.15
  +++ buildconfig.c    6 Jun 2010 02:46:13 -0000    1.16
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/buildconfig.c,v 1.15 2009/11/16 19:50:36 nm4 Exp $ */
  +/* $Cambridge: exim/exim-src/src/buildconfig.c,v 1.16 2010/06/06 02:46:13 pdp Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -356,6 +356,7 @@
       uid_t uid = 0;
       gid_t gid = 0;
       int gid_set = 0;
  +    int uid_not_set = 0;
       char *username = NULL;
       char *groupname = NULL;
       char *s;
  @@ -410,6 +411,7 @@
         while (isspace(*user)) user++;
         username = user;
         gid_set = 1;
  +      uid_not_set = 1;
         }


       else
  @@ -503,6 +505,18 @@
         return 1;
         }


  +    /* security sanity checks
  +    if ref: is being used, we can never be sure, but we can take reasonable
  +    steps to filter out the most obvious ones.  */
  +
  +    if ((!uid_not_set && uid == 0) ||
  +        (strcmp(username, "root") == 0) ||
  +        (strcmp(username, "toor") == 0) )
  +      {
  +      printf("\n*** Exim's internal user must not be root.\n\n");
  +      return 1;
  +      }
  +
       /* Output user and group names or uid/gid. When names are set, uid/gid
       are set to zero but will be replaced at runtime. */



  Index: exim.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/exim.c,v
  retrieving revision 1.68
  retrieving revision 1.69
  diff -u -r1.68 -r1.69
  --- exim.c    6 Jun 2010 02:08:50 -0000    1.68
  +++ exim.c    6 Jun 2010 02:46:13 -0000    1.69
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/exim.c,v 1.68 2010/06/06 02:08:50 pdp Exp $ */
  +/* $Cambridge: exim/exim-src/src/exim.c,v 1.69 2010/06/06 02:46:13 pdp Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -1234,6 +1234,12 @@
   #ifdef EXIM_USERNAME
   if (route_finduser(US EXIM_USERNAME, &pw, &exim_uid))
     {
  +  if (exim_uid == 0)
  +    {
  +    fprintf(stderr, "exim: refusing to run with uid 0 for \"%s\"\n",
  +      EXIM_USERNAME);
  +    exit(EXIT_FAILURE);
  +    }
     exim_gid = pw->pw_gid;
     }
   else