Add permit_coredump pipe transport option. Fixes: #834

author: Phil Pennock <pdp@exim.org> 2010-06-05 10:04:43 +0000
committer: Phil Pennock <pdp@exim.org> 2010-06-05 10:04:43 +0000
commit: a29e5231ac02b045d8fdd5610abac3c38131366f (patch)
tree: 7437df3e4cf0bf522644d639e83e5cb3f9809b92 /src
parent: 89dd51cd40dadd2a3eae7de7057be3fa5ccefc8f (diff)
3 files changed, 40 insertions, 5 deletions
diff --git a/src/src/deliver.c b/src/src/deliver.c
index 1e1f5a528..941fec043 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/deliver.c,v 1.47 2009/11/16 19:50:36 nm4 Exp $ */
+/* $Cambridge: exim/src/src/deliver.c,v 1.48 2010/06/05 10:04:44 pdp Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -1727,7 +1727,20 @@ if ((pid = fork()) == 0)
   HP-UX doesn't have RLIMIT_CORE; I don't know how to do this in that
   system. Some experimental/developing systems (e.g. GNU/Hurd) may define
   RLIMIT_CORE but not support it in setrlimit(). For such systems, do not
-  complain if the error is "not supported". */
+  complain if the error is "not supported".
+
+  There are two scenarios where changing the max limit has an effect.  In one,
+  the user is using a .forward and invoking a command of their choice via pipe;
+  for these, we do need the max limit to be 0 unless the admin chooses to
+  permit an increased limit.  In the other, the command is invoked directly by
+  the transport and is under administrator control, thus being able to raise
+  the limit aids in debugging.  So there's no general always-right answer.
+
+  Thus we inhibit core-dumps completely but let individual transports, while
+  still root, re-raise the limits back up to aid debugging.  We make the
+  default be no core-dumps -- few enough people can use core dumps in
+  diagnosis that it's reasonable to make them something that has to be explicitly requested.
+  */
 
   #ifdef RLIMIT_CORE
   struct rlimit rl;
diff --git a/src/src/transports/pipe.c b/src/src/transports/pipe.c
index 35048258e..2464abd14 100644
--- a/src/src/transports/pipe.c
+++ b/src/src/transports/pipe.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/transports/pipe.c,v 1.14 2009/11/16 19:50:39 nm4 Exp $ */
+/* $Cambridge: exim/src/src/transports/pipe.c,v 1.15 2010/06/05 10:04:44 pdp Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -57,6 +57,8 @@ optionlist pipe_transport_options[] = {
       (void *)offsetof(pipe_transport_options_block, message_suffix) },
   { "path",              opt_stringptr,
       (void *)offsetof(pipe_transport_options_block, path) },
+  { "permit_coredump",   opt_bool,
+      (void *)offsetof(pipe_transport_options_block, permit_coredump) },
   { "pipe_as_creator",   opt_bool | opt_public,
       (void *)offsetof(transport_instance, deliver_as_creator) },
   { "restrict_to_path",  opt_bool,
@@ -110,6 +112,7 @@ pipe_transport_options_block pipe_transport_option_defaults = {
   0,              /* options */
   FALSE,          /* freeze_exec_fail */
   FALSE,          /* ignore_status */
+  FALSE,          /* permit_coredump */
   FALSE,          /* restrict_to_path */
   FALSE,          /* timeout_defer */
   FALSE,          /* use_shell */
@@ -127,7 +130,7 @@ pipe_transport_options_block pipe_transport_option_defaults = {
 /* Called for each delivery in the privileged state, just before the uid/gid
 are changed and the main entry point is called. In a system that supports the
 login_cap facilities, this function is used to set the class resource limits
-for the user.
+for the user.  It may also re-enable coredumps.
 
 Arguments:
   tblock     points to the transport instance
@@ -170,6 +173,24 @@ if (ob->use_classresources)
   }
 #endif
 
+#ifdef RLIMIT_CORE
+if (ob->permit_coredump)
+  {
+  struct rlimit rl;
+  rl.rlim_cur = RLIM_INFINITY;
+  rl.rlim_max = RLIM_INFINITY;
+  if (setrlimit(RLIMIT_CORE, &rl) < 0)
+    {
+#ifdef SETRLIMIT_NOT_SUPPORTED
+    if (errno != ENOSYS && errno != ENOTSUP)
+#endif
+      log_write(0, LOG_MAIN,
+          "delivery setrlimit(RLIMIT_CORE, RLIMI_INFINITY) failed: %s",
+          strerror(errno));
+    }
+  }
+#endif
+
 return OK;
 }
 
diff --git a/src/src/transports/pipe.h b/src/src/transports/pipe.h
index cdb10af7d..da141c0d1 100644
--- a/src/src/transports/pipe.h
+++ b/src/src/transports/pipe.h
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/transports/pipe.h,v 1.7 2009/11/16 19:56:54 nm4 Exp $ */
+/* $Cambridge: exim/src/src/transports/pipe.h,v 1.8 2010/06/05 10:04:44 pdp Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -25,6 +25,7 @@ typedef struct {
   int   options;
   BOOL  freeze_exec_fail;
   BOOL  ignore_status;
+  BOOL  permit_coredump;
   BOOL  restrict_to_path;
   BOOL  timeout_defer;
   BOOL  use_shell;
author	Phil Pennock <pdp@exim.org>	2010-06-05 10:04:43 +0000
committer	Phil Pennock <pdp@exim.org>	2010-06-05 10:04:43 +0000
commit	a29e5231ac02b045d8fdd5610abac3c38131366f (patch)
tree	7437df3e4cf0bf522644d639e83e5cb3f9809b92 /src
parent	89dd51cd40dadd2a3eae7de7057be3fa5ccefc8f (diff)