[exim-dev] [Bug 2738] New: PID file no longer created

Page principale
Supprimer ce message
Répondre à ce message
Auteur: admin
Date:  
À: exim-dev
Sujet: [exim-dev] [Bug 2738] New: PID file no longer created
https://bugs.exim.org/show_bug.cgi?id=2738

            Bug ID: 2738
           Summary: PID file no longer created
           Product: Exim
           Version: 4.93
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: General execution
          Assignee: unallocated@???
          Reporter: tim@???
                CC: exim-dev@???


Since the latest release, no PID file is created in /run/exim4/exim.pid when
Exim is run.

No local configuration changes have been made between the working and
non-working versions. The command line arguments are '/usr/sbin/exim4 -bd
-q30m', and there are no PID-related configuration arguments set.

I presume this is related to the fix for CVE-2020-28014: 'An attacker who
obtained the privileges of the "exim" user can abuse the -oP
override_pid_file_path option to create (or overwrite) an arbitrary file, as
root'.

If this new behaviour is intentional, then the documentation may need updating.

This is on Ubuntu 20.04, exim version 4.93-13ubuntu1.5. Version
4.93-13ubuntu1.1 (released in May 2020) works correctly.

Thanks!

--
You are receiving this mail because:
You are on the CC list for the bug.