[exim-cvs] only drop privs for TLS if still root

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
 
 
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] only drop privs for TLS if still root
Gitweb: http://git.exim.org/exim.git/commitdiff/1d7a353eb367991d8de63c32efa64f8224f3089f
Commit:     1d7a353eb367991d8de63c32efa64f8224f3089f
Parent:     78e0c7a37f084eee9198cf8585a00e6e2aefeb04
Author:     Phil Pennock <pdp@???>
AuthorDate: Sun May 20 22:58:18 2012 -0400
Committer:  Phil Pennock <pdp@???>
CommitDate: Sun May 20 22:58:18 2012 -0400


    only drop privs for TLS if still root
---
 src/src/readconf.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)


diff --git a/src/src/readconf.c b/src/src/readconf.c
index bddb74c..3235d45 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -2805,8 +2805,10 @@ if ((pid = fork()) < 0) 

 if (pid == 0)
   {
-  exim_setugid(exim_uid, exim_gid, FALSE,
-      US"calling tls_validate_require_cipher");
+  /* in some modes, will have dropped privilege already */
+  if (!geteuid())
+    exim_setugid(exim_uid, exim_gid, FALSE,
+        US"calling tls_validate_require_cipher");


errmsg = tls_validate_require_cipher();
if (errmsg)

This message was posted to the following mailing lists:
exim-cvs
Mailing List Info | Nearby Messages		<-[exim-cvs] Update docs for latest state of TLS affairs.[exim-cvs] features.h; tls_validate_require_cipher: log flag & tests->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)