[exim-cvs] Always init_lookup_list before readconf_main.

Top Page
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Always init_lookup_list before readconf_main.
Gitweb: http://git.exim.org/exim.git/commitdiff/8829633f58b90fda03309f65e6c099ed031005e3
Commit:     8829633f58b90fda03309f65e6c099ed031005e3
Parent:     8dfac75958fa63fcc463075742f99ec6b1297b64
Author:     Phil Pennock <pdp@???>
AuthorDate: Sun Apr 22 20:35:02 2012 -0700
Committer:  Phil Pennock <pdp@???>
CommitDate: Sun Apr 22 20:35:02 2012 -0700


    Always init_lookup_list before readconf_main.


    This happens while still root.
    Be more emphatic in EDITME about the security implications of loadable modules.
---
 src/src/EDITME |   10 +++++++++-
 src/src/exim.c |   18 +++++++++++-------
 2 files changed, 20 insertions(+), 8 deletions(-)


diff --git a/src/src/EDITME b/src/src/EDITME
index fc57054..01faca2 100644
--- a/src/src/EDITME
+++ b/src/src/EDITME
@@ -248,11 +248,19 @@ TRANSPORT_SMTP=yes

#------------------------------------------------------------------------------
# See below for dynamic lookup modules.
-# LOOKUP_MODULE_DIR=/usr/lib/exim/lookups/
+#
# If not using package management but using this anyway, then think about how
# you perform upgrades and revert them. You should consider the benefit of
# embedding the Exim version number into LOOKUP_MODULE_DIR, so that you can
# maintain two concurrent sets of modules.
+#
+# *BEWARE*: ability to modify the files in LOOKUP_MODULE_DIR is equivalent to
+# the ability to modify the Exim binary, which is often setuid root! The Exim
+# developers only intend this functionality be used by OS software packagers
+# and we suggest that such packagings' integrity checks should be paranoid
+# about the permissions of the directory and the files within.
+
+# LOOKUP_MODULE_DIR=/usr/lib/exim/lookups/

 # To build a module dynamically, you'll need to define CFLAGS_DYNAMIC for
 # your platform.  Eg:
diff --git a/src/src/exim.c b/src/src/exim.c
index 8df6aed..90ecd06 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -3456,6 +3456,17 @@ if ((filter_test & FTEST_USER) != 0)
     }
   }


+/* Initialise lookup_list
+If debugging, already called above via version reporting.
+In either case, we initialise the list of available lookups while running
+as root. All dynamically modules are loaded from a directory which is
+hard-coded into the binary and is code which, if not a module, would be
+part of Exim already. Ability to modify the content of the directory
+is equivalent to the ability to modify a setuid binary!
+
+This needs to happen before we read the main configuration. */
+init_lookup_list();
+
/* Read the main runtime configuration data; this gives up if there
is a failure. It leaves the configuration file open so that the subsequent
configuration data for delivery can be read if needed. */
@@ -3644,13 +3655,6 @@ if (opt_perl_at_start && opt_perl_startup != NULL)
}
#endif /* EXIM_PERL */

-/* Initialise lookup_list
-If debugging, already called above via version reporting.
-This does mean that debugging causes the list to be initialised while root.
-This *should* be harmless -- all modules are loaded from a fixed dir and
-it's code that would, if not a module, be part of Exim already. */
-init_lookup_list();
-
/* Log the arguments of the call if the configuration file said so. This is
a debugging feature for finding out what arguments certain MUAs actually use.
Don't attempt it if logging is disabled, or if listing variables or if