[exim-cvs] Bug 1071: fix delivery logging with untrusted mac…

Góra strony
Delete this message
Reply to this message
Autor: Exim Git Commits Mailing List
Data:  
Dla: exim-cvs
Temat: [exim-cvs] Bug 1071: fix delivery logging with untrusted macros.
Gitweb: http://git.exim.org/exim.git/commitdiff/b7487bcec431809cb7fc3c2b42fcd607e43d37e7
Commit:     b7487bcec431809cb7fc3c2b42fcd607e43d37e7
Parent:     b70d25860f3e7dfe54ad69a5695a9bff7d380f08
Author:     Phil Pennock <pdp@???>
AuthorDate: Sun Jan 23 05:44:45 2011 -0500
Committer:  Phil Pennock <pdp@???>
CommitDate: Sun Jan 23 05:44:45 2011 -0500


    Bug 1071: fix delivery logging with untrusted macros.


    If dropping privileges for untrusted macros, we disabled normal logging
    on the basis that it would fail; for the Exim run-time user, this is not
    the case, and it resulted in successful deliveries going unlogged.
    Fixed.  Reported by Andreas Metzler.
---
 doc/doc-txt/ChangeLog |    6 ++++++
 src/src/exim.c        |    8 ++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 4c35fb6..b18bc05 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -40,6 +40,12 @@ PP/04 CVE-2011-0017 - check return value of setuid/setgid. This is a
 PP/05 Bugzilla 1041: merged DCC maintainer's fixes for return code.
       (Wolfgang Breyha)


+PP/06 Bugzilla 1071: fix delivery logging with untrusted macros.
+      If dropping privileges for untrusted macros, we disabled normal logging
+      on the basis that it would fail; for the Exim run-time user, this is not
+      the case, and it resulted in successful deliveries going unlogged.
+      Fixed.  Reported by Andreas Metzler.
+


 Exim version 4.73
 -----------------
diff --git a/src/src/exim.c b/src/src/exim.c
index f1c3199..e236975 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -3338,9 +3338,13 @@ if ((                                            /* EITHER */
   and should be used for any logging information because attempts to write
   to the log will usually fail. To arrange this, we unset really_exim. However,
   if no stderr is available there is no point - we might as well have a go
-  at the log (if it fails, syslog will be written). */
+  at the log (if it fails, syslog will be written).


-  if (log_stderr != NULL) really_exim = FALSE;
+  Note that if the invoker is Exim, the logs remain available. Messing with
+  this causes unlogged successful deliveries.  */
+
+  if ((log_stderr != NULL) && (real_uid != exim_uid))
+    really_exim = FALSE;
   }


/* Privilege is to be retained for the moment. It may be dropped later,