diff options
-rw-r--r-- | doc/doc-txt/ChangeLog | 6 | ||||
-rw-r--r-- | src/src/exim.c | 8 |
2 files changed, 12 insertions, 2 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 4c35fb6d1..b18bc053e 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -40,6 +40,12 @@ PP/04 CVE-2011-0017 - check return value of setuid/setgid. This is a PP/05 Bugzilla 1041: merged DCC maintainer's fixes for return code. (Wolfgang Breyha) +PP/06 Bugzilla 1071: fix delivery logging with untrusted macros. + If dropping privileges for untrusted macros, we disabled normal logging + on the basis that it would fail; for the Exim run-time user, this is not + the case, and it resulted in successful deliveries going unlogged. + Fixed. Reported by Andreas Metzler. + Exim version 4.73 ----------------- diff --git a/src/src/exim.c b/src/src/exim.c index f1c3199c3..e23697506 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -3338,9 +3338,13 @@ if (( /* EITHER */ and should be used for any logging information because attempts to write to the log will usually fail. To arrange this, we unset really_exim. However, if no stderr is available there is no point - we might as well have a go - at the log (if it fails, syslog will be written). */ + at the log (if it fails, syslog will be written). - if (log_stderr != NULL) really_exim = FALSE; + Note that if the invoker is Exim, the logs remain available. Messing with + this causes unlogged successful deliveries. */ + + if ((log_stderr != NULL) && (real_uid != exim_uid)) + really_exim = FALSE; } /* Privilege is to be retained for the moment. It may be dropped later, |