diff options
author | Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> | 2021-03-14 12:16:57 +0100 |
---|---|---|
committer | Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> | 2021-05-27 21:30:41 +0200 |
commit | 186e99bafcf8dbc53f9a25ea26998cab9b091a62 (patch) | |
tree | 4d8ff298fc5fd11cd232ee620b33ead1190e53dc /test/stderr/0402 | |
parent | 6552729ba7975985cbcb938cf4ecf7b54e395763 (diff) |
CVE-2020-28008: Assorted attacks in Exim's spool directory
We patch dbfn_open() by introducing two functions priv_drop_temp() and
priv_restore() (inspired by OpenSSH's functions temporarily_use_uid()
and restore_uid()), which temporarily drop and restore root privileges
thanks to seteuid(). This goes against Exim's developers' wishes ("Exim
(the project) doesn't trust seteuid to work reliably") but, to the best
of our knowledge, seteuid() works everywhere and is the only way to
securely fix dbfn_open().
(cherry picked from commit 18da59151dbafa89be61c63580bdb295db36e374)
(cherry picked from commit b05dc3573f4cd476482374b0ac0393153d344338)
Diffstat (limited to 'test/stderr/0402')
0 files changed, 0 insertions, 0 deletions