authorPhil Pennock <pdp@exim.org>2010-06-05 10:04:43 +0000
committerPhil Pennock <pdp@exim.org>2010-06-05 10:04:43 +0000
commita29e5231ac02b045d8fdd5610abac3c38131366f (patch)
tree7437df3e4cf0bf522644d639e83e5cb3f9809b92
parent89dd51cd40dadd2a3eae7de7057be3fa5ccefc8f (diff)
Add permit_coredump pipe transport option. Fixes: #834
-rw-r--r--doc/doc-docbook/spec.xfpt13
-rw-r--r--doc/doc-txt/ChangeLog6
-rw-r--r--doc/doc-txt/NewStuff8
-rw-r--r--src/src/deliver.c17
-rw-r--r--src/src/transports/pipe.c25
-rw-r--r--src/src/transports/pipe.h3
6 files changed, 64 insertions, 8 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 493c55445..2a69fcf59 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -1,4 +1,4 @@
-. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.75 2010/06/05 09:10:08 pdp Exp $
+. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.76 2010/06/05 10:04:43 pdp Exp $
.
. /////////////////////////////////////////////////////////////////////////////
. This is the primary source of the Exim Manual. It is an xfpt document that is
@@ -21075,6 +21075,17 @@ sought in the PATH directories, in the usual way. &*Warning*&: This does not
apply to a command specified as a transport filter.
+.option permit_coredump pipe boolean false
+Normally Exim inhibits core-dumps during delivery. If you have a need to get
+a core-dump of a pipe command, enable this command. This enables core-dumps
+during delivery and affects both the Exim binary and the pipe command run.
+It is recommended that this option remain off unless and until you have a need
+for it and that this only be enabled when needed, as the risk of excessive
+resource consumption can be quite high. Note also that Exim is typically
+installed as a setuid binary and most operating systems will inhibit coredumps
+of these by default, so further OS-specific action may be required.
+
+
.option pipe_as_creator pipe boolean false
.cindex "uid (user id)" "local delivery"
If the generic &%user%& option is not set and this option is true, the delivery
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 3ed3aa8c7..72f799a36 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.617 2010/06/05 09:10:09 pdp Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.618 2010/06/05 10:04:43 pdp Exp $
Change log file for Exim from version 4.21
-------------------------------------------
@@ -16,6 +16,10 @@ JJ/01 Added DISABLE_DKIM and comment to src/EDITME
PP/03 Bugzilla 994: added openssl_options main configuration option.
+PP/04 Bugzilla 995: provide better SSL diagnostics on failed reads.
+
+PP/05 Bugzilla 834: provide a permit_codedump option for pipe transports.
+
Exim version 4.72
-----------------
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index 589bc5397..c2c49379f 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/NewStuff,v 1.166 2010/06/05 09:10:09 pdp Exp $
+$Cambridge: exim/doc/doc-txt/NewStuff,v 1.167 2010/06/05 10:04:43 pdp Exp $
New Features in Exim
--------------------
@@ -20,6 +20,12 @@ Version 4.73
consequences for certain options, so these should not be changed
frivolously.
+ 2. A new pipe transport option, "permit_coredumps", may help with problem
+ diagnosis in some scenarios. Note that Exim is typically installed as
+ a setuid binary, which on most OSes will inhibit coredumps by default,
+ so that safety mechanism would have to be overriden for this option to
+ be able to take effect.
+
Version 4.72
------------
diff --git a/src/src/deliver.c b/src/src/deliver.c
index 1e1f5a528..941fec043 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/deliver.c,v 1.47 2009/11/16 19:50:36 nm4 Exp $ */
+/* $Cambridge: exim/src/src/deliver.c,v 1.48 2010/06/05 10:04:44 pdp Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -1727,7 +1727,20 @@ if ((pid = fork()) == 0)
HP-UX doesn't have RLIMIT_CORE; I don't know how to do this in that
system. Some experimental/developing systems (e.g. GNU/Hurd) may define
RLIMIT_CORE but not support it in setrlimit(). For such systems, do not
- complain if the error is "not supported". */
+ complain if the error is "not supported".
+
+ There are two scenarios where changing the max limit has an effect. In one,
+ the user is using a .forward and invoking a command of their choice via pipe;
+ for these, we do need the max limit to be 0 unless the admin chooses to
+ permit an increased limit. In the other, the command is invoked directly by
+ the transport and is under administrator control, thus being able to raise
+ the limit aids in debugging. So there's no general always-right answer.
+
+ Thus we inhibit core-dumps completely but let individual transports, while
+ still root, re-raise the limits back up to aid debugging. We make the
+ default be no core-dumps -- few enough people can use core dumps in
+ diagnosis that it's reasonable to make them something that has to be explicitly requested.
+ */
#ifdef RLIMIT_CORE
struct rlimit rl;
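Review bot: The new comment says individual transports may re-raise the limit "while still root", but it does not name the transport or the option that does so, which leaves a reader of deliver.c unable to find the counterpart code. I would add a pointer at the end of the comment, for example `See the pipe transport's permit_coredump option (transports/pipe.c).` The last sentence of the comment is also one overlong line and should be wrapped like the lines above it. The block this comment documents begins before the hunk and continues past it.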
diff --git a/src/src/transports/pipe.c b/src/src/transports/pipe.c
index 35048258e..2464abd14 100644
--- a/src/src/transports/pipe.c
+++ b/src/src/transports/pipe.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/transports/pipe.c,v 1.14 2009/11/16 19:50:39 nm4 Exp $ */
+/* $Cambridge: exim/src/src/transports/pipe.c,v 1.15 2010/06/05 10:04:44 pdp Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -57,6 +57,8 @@ optionlist pipe_transport_options[] = {
(void *)offsetof(pipe_transport_options_block, message_suffix) },
{ "path", opt_stringptr,
(void *)offsetof(pipe_transport_options_block, path) },
+ { "permit_coredump", opt_bool,
+ (void *)offsetof(pipe_transport_options_block, permit_coredump) },
{ "pipe_as_creator", opt_bool | opt_public,
(void *)offsetof(transport_instance, deliver_as_creator) },
{ "restrict_to_path", opt_bool,
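Review bot: The name registered here, `permit_coredump`, is not the name the release notes in this same commit give the option: doc/doc-txt/ChangeLog writes `permit_codedump` and doc/doc-txt/NewStuff writes `permit_coredumps`. An administrator copying either spelling into a configuration would presumably have it rejected as an unknown option. Both entries should read `permit_coredump`, matching this table, the struct field in pipe.h and the spec.xfpt entry. The spec.xfpt paragraph also says "enable this command" where "enable this option" is meant. The option table starts and ends outside the hunk.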
@@ -110,6 +112,7 @@ pipe_transport_options_block pipe_transport_option_defaults = {
0, /* options */
FALSE, /* freeze_exec_fail */
FALSE, /* ignore_status */
+ FALSE, /* permit_coredump */
FALSE, /* restrict_to_path */
FALSE, /* timeout_defer */
FALSE, /* use_shell */
@@ -127,7 +130,7 @@ pipe_transport_options_block pipe_transport_option_defaults = {
/* Called for each delivery in the privileged state, just before the uid/gid
are changed and the main entry point is called. In a system that supports the
login_cap facilities, this function is used to set the class resource limits
-for the user.
+for the user. It may also re-enable coredumps.
Arguments:
tblock points to the transport instance
@@ -170,6 +173,24 @@ if (ob->use_classresources)
}
#endif
+#ifdef RLIMIT_CORE
+if (ob->permit_coredump)
+ {
+ struct rlimit rl;
+ rl.rlim_cur = RLIM_INFINITY;
+ rl.rlim_max = RLIM_INFINITY;
+ if (setrlimit(RLIMIT_CORE, &rl) < 0)
+ {
+#ifdef SETRLIMIT_NOT_SUPPORTED
+ if (errno != ENOSYS && errno != ENOTSUP)
+#endif
+ log_write(0, LOG_MAIN,
+ "delivery setrlimit(RLIMIT_CORE, RLIMI_INFINITY) failed: %s",
+ strerror(errno));
+ }
+ }
+#endif
+
return OK;
}
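Review bot: The log string in the added failure branch misspells the constant as `RLIMI_INFINITY`, so a log search for the real name will miss it; it should read `"delivery setrlimit(RLIMIT_CORE, RLIM_INFINITY) failed: %s"`. Separately, both `rl.rlim_cur` and `rl.rlim_max` are set to `RLIM_INFINITY` in the privileged setup path, and the spec text in this commit says the setting affects the Exim binary as well as the pipe command. A resulting core file therefore has no size bound and presumably can contain message data held in process memory. A comment above `if (ob->permit_coredump)` should state this and say that the option is meant for temporary debugging of administrator-controlled commands, since the deliver.c comment treats the `.forward` case as the one that needs the limit kept at 0. The enclosing setup function starts outside this hunk.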
diff --git a/src/src/transports/pipe.h b/src/src/transports/pipe.h
index cdb10af7d..da141c0d1 100644
--- a/src/src/transports/pipe.h
+++ b/src/src/transports/pipe.h
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/transports/pipe.h,v 1.7 2009/11/16 19:56:54 nm4 Exp $ */
+/* $Cambridge: exim/src/src/transports/pipe.h,v 1.8 2010/06/05 10:04:44 pdp Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -25,6 +25,7 @@ typedef struct {
int options;
BOOL freeze_exec_fail;
BOOL ignore_status;
+ BOOL permit_coredump;
BOOL restrict_to_path;
BOOL timeout_defer;
BOOL use_shell;