author | Phil Pennock <pdp@exim.org> | 2010-12-15 02:43:33 -0500 |
---|---|---|
committer | David Woodhouse <David.Woodhouse@intel.com> | 2010-12-15 12:22:36 +0000 |
commit | 66581d1e830f4e68f2b074b8d79a80645c6a72ea (patch) | |
tree | 0f7a20c09654e711d4882d4278cf27de37faa08a /src | |
parent | 2cfd322193567dbbeca47b0fc0ee2836f46e2600 (diff) |
Implement -D whitelist invoking user restriction.
Document WHITELIST_D_MACROS.
Diffstat (limited to 'src')
-rw-r--r-- | src/src/exim.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/src/exim.c b/src/src/exim.c index f50a62b94..749868231 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -1159,6 +1159,21 @@ if (macros == NULL) return FALSE; #else +/* We only trust -D overrides for some invoking users: +root, the exim run-time user, the optional config owner user. +I don't know why config-owner would be needed, but since they can own the +config files anyway, there's no security risk to letting them override -D. */ +if ( ! ((real_uid == root_uid) + || (real_uid == exim_uid) +#ifdef CONFIGURE_OWNER + || (real_uid == config_uid) +#endif + )) + { + debug_printf("macros_trusted rejecting macros for uid %d\n", (int) real_uid); + return FALSE; + } + /* Get a list of macros which are whitelisted */ whitelisted = string_copy_malloc(US WHITELIST_D_MACROS); prev_char_item = FALSE; |
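Review bot: The new rejection branch reports the refused uid only through `debug_printf`, which presumably emits nothing unless debugging is switched on, so a normal run may leave no record that an untrusted user tried to pass -D macros. The caller is outside this hunk; if it does not log the refusal, a main-log entry here would give operators something to audit. The `(int) real_uid` cast with `%d` also prints large uids as negative numbers where uid_t is unsigned, so I would change it to `debug_printf("macros_trusted rejecting macros for uid %lu\n", (unsigned long) real_uid);`. The comment's "I don't know why config-owner would be needed" would be better replaced by the rationale that follows it, since this is an access-control decision that later readers will rely on. The enclosing function starts and ends outside the hunk.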