summaryrefslogtreecommitdiff
path: root/src/scripts
diff options
context:
space:
mode:
authorHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>2021-03-14 12:16:57 +0100
committerHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>2021-05-27 21:30:41 +0200
commit186e99bafcf8dbc53f9a25ea26998cab9b091a62 (patch)
tree4d8ff298fc5fd11cd232ee620b33ead1190e53dc /src/scripts
parent6552729ba7975985cbcb938cf4ecf7b54e395763 (diff)
CVE-2020-28008: Assorted attacks in Exim's spool directory
We patch dbfn_open() by introducing two functions priv_drop_temp() and priv_restore() (inspired by OpenSSH's functions temporarily_use_uid() and restore_uid()), which temporarily drop and restore root privileges thanks to seteuid(). This goes against Exim's developers' wishes ("Exim (the project) doesn't trust seteuid to work reliably") but, to the best of our knowledge, seteuid() works everywhere and is the only way to securely fix dbfn_open(). (cherry picked from commit 18da59151dbafa89be61c63580bdb295db36e374) (cherry picked from commit b05dc3573f4cd476482374b0ac0393153d344338)
Diffstat (limited to 'src/scripts')
0 files changed, 0 insertions, 0 deletions