summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorPhil Pennock <pdp@exim.org>2017-05-09 16:00:58 -0400
committerPhil Pennock <pdp@exim.org>2017-05-09 16:00:58 -0400
commitf33875c3a0a0ef03a2e53cfcd339791b793151f0 (patch)
tree109391b7ca17bfab48708c1c09ccc4b9502df204 /src
parentce889807c90746896f1310e9f4957215f46f7836 (diff)
Add option commandline_checks_require_admin
May help with scenarios already so broken that bug report 2118 is actually an issue (Wordpress vuln).
Diffstat (limited to 'src')
-rw-r--r--src/src/exim.c8
-rw-r--r--src/src/globals.c1
-rw-r--r--src/src/globals.h1
-rw-r--r--src/src/readconf.c1
4 files changed, 11 insertions, 0 deletions
diff --git a/src/src/exim.c b/src/src/exim.c
index dcc84e3d5..67583e584 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -3868,6 +3868,14 @@ else
trusted_caller = TRUE;
}
+/* At this point, we know if the user is privileged and some command-line
+options become possibly imperssible, depending upon the configuration file. */
+
+if (checking && commandline_checks_require_admin && !admin_user) {
+ fprintf(stderr, "exim: those command-line flags are set to require admin\n");
+ exit(EXIT_FAILURE);
+}
+
/* Handle the decoding of logging options. */
decode_bits(log_selector, log_selector_size, log_notall,
diff --git a/src/src/globals.c b/src/src/globals.c
index 46db4f373..9b455c9db 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -511,6 +511,7 @@ uschar *client_authenticated_id = NULL;
uschar *client_authenticated_sender = NULL;
int clmacro_count = 0;
uschar *clmacros[MAX_CLMACROS];
+BOOL commandline_checks_require_admin = FALSE;
BOOL config_changed = FALSE;
FILE *config_file = NULL;
const uschar *config_filename = NULL;
diff --git a/src/src/globals.h b/src/src/globals.h
index 63c9c29c7..056f1c213 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -282,6 +282,7 @@ extern uschar *client_authenticated_id; /* "login" name used for SMTP AUTH *
extern uschar *client_authenticated_sender; /* AUTH option to SMTP MAIL FROM (not yet used) */
extern int clmacro_count; /* Number of command line macros */
extern uschar *clmacros[]; /* Copy of them, for re-exec */
+extern BOOL commandline_checks_require_admin; /* belt and braces for insecure setups */
extern int connection_max_messages;/* Max down one SMTP connection */
extern BOOL config_changed; /* True if -C used */
extern FILE *config_file; /* Configuration file */
diff --git a/src/src/readconf.c b/src/src/readconf.c
index f43a3d163..95abaf5be 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -217,6 +217,7 @@ static optionlist optionlist_config[] = {
{ "check_spool_inodes", opt_int, &check_spool_inodes },
{ "check_spool_space", opt_Kint, &check_spool_space },
{ "chunking_advertise_hosts", opt_stringptr, &chunking_advertise_hosts },
+ { "commandline_checks_require_admin", opt_bool,&commandline_checks_require_admin },
{ "daemon_smtp_port", opt_stringptr|opt_hidden, &daemon_smtp_port },
{ "daemon_smtp_ports", opt_stringptr, &daemon_smtp_port },
{ "daemon_startup_retries", opt_int, &daemon_startup_retries },