authorPhilip Hazel <ph10@hermes.cam.ac.uk>2004-10-15 13:21:21 +0000
committerPhilip Hazel <ph10@hermes.cam.ac.uk>2004-10-15 13:21:21 +0000
commitb668c215565aa08fe21c3d637c9868b1b8a649ce (patch)
tree95c34b58808292ed5b53fac3f673375ff31a58b3
parentfff2b308eab3069ec5e7cbeaf205d59285040821 (diff)
Disable SIGUSR1 for all non-exim subprocesses run from Exim (previously,
only the queryprogram case handled this right).
-rw-r--r--doc/doc-txt/ChangeLog8
-rw-r--r--src/src/child.c25
2 files changed, 18 insertions, 15 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index f57ab6c3f..17264e69d 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.5 2004/10/14 14:52:45 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.6 2004/10/15 13:21:21 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
@@ -19,6 +19,12 @@ Exim version 4.44
4. Give more explanation in the error message when the command for a transport
filter fails to execute.
+ 5. There are several places where Exim runs a non-Exim command in a
+ subprocess. The SIGUSR1 signal should be disabled for these processes. This
+ was being done only for the command run by the queryprogram router. It is
+ now done for all such subprocesses. The other cases are: ${run, transport
+ filters, and the commands run by the lmtp and pipe transports.
+
Exim version 4.43
-----------------
diff --git a/src/src/child.c b/src/src/child.c
index 1c48a4e4c..cf426e465 100644
--- a/src/src/child.c
+++ b/src/src/child.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/child.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */
+/* $Cambridge: exim/src/src/child.c,v 1.2 2004/10/15 13:21:21 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -247,7 +247,9 @@ them to the caller. The standard error is cloned to the output. If there are
any file descriptors "in the way" in the new process, they are closed. A new
umask is supplied for the process, and an optional new uid and gid are also
available. These are used by the queryprogram router to set an unprivileged id.
-The function returns the pid of the new process, or -1 if things go wrong.
+SIGUSR1 is always disabled in the new process, as it is not going to be running
+Exim (the function child_open_exim() is provided for that). This function
+returns the pid of the new process, or -1 if things go wrong.
Arguments:
argv the argv for exec in the new process
@@ -261,7 +263,7 @@ Arguments:
process is placed
wd if not NULL, a path to be handed to chdir() in the new process
make_leader if TRUE, make the new process a process group leader
-
+
Returns: the pid of the created process or -1 if anything has gone wrong
*/
@@ -308,16 +310,11 @@ if (pid == 0)
close(2);
dup2(1, 2);
- /* Set the required environment. If changing uid, ensure that
- SIGUSR1 is ignored, as the process won't have the privilege to
- write to the process log. */
+ /* Set the required environment. */
+ signal(SIGUSR1, SIG_IGN);
if (newgid != NULL && setgid(*newgid) < 0) goto CHILD_FAILED;
- if (newuid != NULL)
- {
- signal(SIGUSR1, SIG_IGN);
- if (setuid(*newuid) < 0) goto CHILD_FAILED;
- }
+ if (newuid != NULL && setuid(*newuid) < 0) goto CHILD_FAILED;
(void)umask(newumask);
/* Set the working directory if required */
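Review bot: The privilege drop at `setgid(*newgid)` / `setuid(*newuid)` never resets the supplementary group list, so the exec'd command would keep the parent's extra groups unless a caller has already cleared them. No `setgroups()` call is visible in this hunk, and the body of child_open_uid() starts and ends outside it, so this needs checking against the full function and its callers. If nothing upstream handles it, a line such as `if (newgid != NULL && setgroups(1, newgid) < 0) goto CHILD_FAILED;` ahead of the setgid() call would close the gap, bearing in mind that setgroups() fails when the process is already unprivileged. Separately, the shortened comment drops the reason for the signal call; a line like `/* SIG_IGN is inherited across exec, so the non-Exim command ignores SIGUSR1 */` above `signal(SIGUSR1, SIG_IGN);` would keep the rationale next to the code.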
@@ -369,9 +366,9 @@ return (pid_t)(-1);
*************************************************/
/* This function is a wrapper for child_open_uid() that doesn't have the uid,
-gid, and working directory changing arguments. It is provided so as to have a
-clean interface for use from local_scan(), but also saves writing NULL
-arguments in other calls.
+gid and working directory changing arguments. The function is provided so as to
+have a clean interface for use from local_scan(), but also saves writing NULL
+arguments several calls that would otherwise use child_open_uid().
Arguments:
argv the argv for exec in the new process