(Bug 1044, CVE-2010-4345)
---
doc/doc-txt/ChangeLog | 5 +++++
src/src/exim.c | 2 --
src/src/globals.c | 2 ++
src/src/globals.h | 2 ++
src/src/readconf.c | 6 +++---
5 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 99a6f17..0063c6b 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -78,6 +78,11 @@ DW/22 Bugzilla 1044: CVE-2010-4345 - partial fix: restrict default behaviour
of CONFIGURE_OWNER and CONFIGURE_GROUP options to no longer allow a
configuration file which is writeable by the Exim user or group.
+DW/23 Bugzilla 1044: CVE-2010-4345 - part two: extend checks for writeability
+ of configuration files to cover files specified with the -C option if
+ they are going to be used with root privileges, not just the default
+ configuration file.
+
Exim version 4.72
-----------------
diff --git a/src/src/exim.c b/src/src/exim.c
index 50950fa..2a480c4 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -1191,8 +1191,6 @@ BOOL queue_only_set = FALSE;
BOOL receiving_message = TRUE;
BOOL sender_ident_set = FALSE;
BOOL session_local_queue_only;
-BOOL unprivileged;
-BOOL removed_privilege = FALSE;
BOOL usage_wanted = FALSE;
BOOL verify_address_mode = FALSE;
BOOL verify_as_sender = FALSE;
diff --git a/src/src/globals.c b/src/src/globals.c
index 9b77d87..91b5fab 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -936,6 +936,7 @@ uschar *regex_match_string = NULL;
int remote_delivery_count = 0;
int remote_max_parallel = 2;
uschar *remote_sort_domains = NULL;
+BOOL removed_privilege = FALSE;
int retry_data_expire = 7*24*60*60;
int retry_interval_max = 24*60*60;
int retry_maximum_timeout = 0; /* set from retry config */
@@ -1274,6 +1275,7 @@ uschar *timezone_string = US TIMEZONE_DEFAULT;
uschar *unknown_login = NULL;
uschar *unknown_username = NULL;
+BOOL unprivileged;
uschar *untrusted_set_sender = NULL;
/* A regex for matching a "From_" line in an incoming message, in the form
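Review bot: `BOOL unprivileged;` is left without an initializer while the sibling definition `BOOL removed_privilege = FALSE;` in the first hunk of this file is explicit; both now gate the configuration-file ownership check in readconf.c, so the default value is privilege-relevant. File-scope objects have static storage and are zero-initialized, so the observable default is FALSE (the check runs unless something explicitly sets the flag), but spelling it out as `BOOL unprivileged = FALSE;` removes any doubt for a reader and keeps the two declarations consistent. If the flag is intended to be assigned on every startup path in exim.c before readconf runs, a short comment saying so next to the definition would also help.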
diff --git a/src/src/globals.h b/src/src/globals.h
index d66880e..cf6c2e1 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -600,6 +600,7 @@ extern uschar *regex_match_string; /* regex that matched a line (regex ACL c
extern int remote_delivery_count; /* Number of remote addresses */
extern int remote_max_parallel; /* Maximum parallel delivery */
extern uschar *remote_sort_domains; /* Remote domain sorting order */
+extern BOOL removed_privilege; /* TRUE if we dropped root privs due to -C or -D options */
extern retry_config *retries; /* Chain of retry config information */
extern int retry_data_expire; /* When to expire retry data */
extern int retry_interval_max; /* Absolute maximum */
@@ -789,6 +790,7 @@ extern uschar *timezone_string; /* Required timezone setting */
extern uschar *unknown_login; /* To use when login id unknown */
extern uschar *unknown_username; /* Ditto */
+extern BOOL unprivileged; /* Exim started in unprivileged state */
extern uschar *untrusted_set_sender; /* Let untrusted users set these senders */
extern uschar *uucp_from_pattern; /* For recognizing "From " lines */
extern uschar *uucp_from_sender; /* For building the sender */
diff --git a/src/src/readconf.c b/src/src/readconf.c
index 414b7ae..1f6eca8 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -2874,10 +2874,10 @@ else
"configuration file %s", filename));
}
-/* Check the status of the file we have opened, unless it was specified on
-the command line, in which case privilege was given away at the start. */
+/* Check the status of the file we have opened, if we have retained root
+privileges. */
-if (!config_changed)
+if (!unprivileged && !removed_privilege)
{
if (fstat(fileno(config_file), &statbuf) != 0)
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to stat configuration file %s",
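Review bot: The new guard `if (!unprivileged && !removed_privilege)` skips the fstat/ownership check whenever either flag is TRUE, so the protection this commit extends to -C files rests entirely on those flags being set only after root privilege has actually been given away; the assignments that set them are in exim.c and not part of this diff, so that invariant is invisible here. I would record it in the replacement comment rather than leaving it implicit, e.g. `/* Check the status of the file we have opened, but only if we have retained root privileges. Both flags must be set only once privilege has really been dropped; a file used with root rights must never bypass this check. */`. The body of the if block, including the ownership/mode test that follows the fstat call, continues outside the hunk, as does the enclosing function.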
--
1.7.3.2