On 15/08/2022 10:21, Martin D Kealey via Exim-dev wrote:
> Even though lstat alone would work (proving the existence of the parent
> directory, the ability to traverse it, and the existence of the target
> filename), dsearch_open calls exim_opendir, and then immediately closes it,
> and then fails because the directory lacks 'r' permission. Natch!
>
> The comment above dsearch_open says "We open the directory to test whether
> it exists and whether it is searchable", but that's not actually true,
> because "readable" and "searchable" are two different things.
Seems a reasonable request for change; please open an item
at
https://bugs.exim.org/
> Is there any reason why dsearch_open shouldn't simply be an empty function
> that always succeeds?
The error message that it can return. Admittedly, we should probably modify
that to something like "cannot find dir %s" if we just lstat rather than
exim_opendir(). And we'll need an explicit taint check, like exim_opendir() does.
--
Cheers,
Jeremy
