https://bugs.exim.org/show_bug.cgi?id=2738
Bug ID: 2738
Summary: PID file no longer created
Product: Exim
Version: 4.93
Hardware: x86-64
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: General execution
Assignee: unallocated@???
Reporter: tim@???
CC: exim-dev@???
Since the latest release, no PID file is created in /run/exim4/exim.pid when
Exim is run.
No local configuration changes have been made between the working and
non-working versions. The command line arguments are '/usr/sbin/exim4 -bd
-q30m', and there are no PID-related configuration arguments set.
I presume this is related to the fix for CVE-2020-28014: 'An attacker who
obtained the privileges of the "exim" user can abuse the -oP
override_pid_file_path option to create (or overwrite) an arbitrary file, as
root'.
If this new behaviour is intentional, then the documentation may need updating.
This is on Ubuntu 20.04, exim version 4.93-13ubuntu1.5. Version
4.93-13ubuntu1.1 (released in May 2020) works correctly.
Thanks!
--
You are receiving this mail because:
You are on the CC list for the bug.