From 74935b987fd0312f535747fea636883ae22fec77 Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Wed, 15 Dec 2010 13:47:46 +0000
Subject: Allow only Exim or CONFIGURE_OWNER to use whitelisted configs with -C

We only added TRUSTED_CONFIG_PREFIX_FILE to compensate for the enforcing of ALT_CONFIG_ROOT_ONLY. Let's not open it up any further than we need to; other users don't get to make use of it.
---
 src/src/EDITME | 5 +++--
 src/src/exim.c | 6 +++++-
 2 files changed, 8 insertions(+), 3 deletions(-) (limited to 'src')
diff --git a/src/src/EDITME b/src/src/EDITME
index d093eb690..ade6a7cf0 100644
--- a/src/src/EDITME
+++ b/src/src/EDITME
@@ -478,8 +478,9 @@ FIXED_NEVER_USERS=root
 # privileges for local message delivery), this will normally cause Exim to
 # drop root privileges. The TRUSTED_CONFIG_PREFIX_LIST option, specifies
 # a file which contains a list of trusted configuration prefixes (like the
-# ALT_CONFIG_PREFIX above), one per line. If the -C option is used to specify
-# a configuration file which matches a trusted prefix, root privileges are not
+# ALT_CONFIG_PREFIX above), one per line. If the -C option is used by the Exim
+# user or by the user specified in the CONFIGURE_OWNER setting, to specify a
+# configuration file which matches a trusted prefix, root privileges are not
 # dropped by Exim.
 # TRUSTED_CONFIG_PREFIX_LIST=/usr/exim/trusted_configs
diff --git a/src/src/exim.c b/src/src/exim.c
index 749868231..d50672151 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -1973,7 +1973,11 @@ for (i = 1; i < argc; i++)
 {
 #ifdef TRUSTED_CONFIG_PREFIX_LIST
- if (Ustrstr(argrest, "/../"))
+ if ((real_uid != exim_uid
+ #ifdef CONFIGURE_OWNER
+ && real_uid != config_uid
+ #endif
+ ) || Ustrstr(argrest, "/../"))
 trusted_config = FALSE;
 else
 {
--
cgit v1.2.3
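Review bot: The new uid test in the `-C` handling of exim.c decides whether Exim keeps root, yet nothing at that site says why only two identities qualify, and the `#ifdef CONFIGURE_OWNER` lines sit inside the parenthesised condition where a misplaced bracket would silently change the outcome. I would add a comment directly above the `if`, for example `/* Only the Exim user or CONFIGURE_OWNER may keep root with a whitelisted -C file; any other caller is untrusted. */`. The `Ustrstr(argrest, "/../")` half is a plain substring filter, so it presumably relies on the prefix comparison in the `else` branch for the rest of the path validation; that branch continues outside the hunk and should be read together with this check. The failure direction is the safe one, since any caller not matched here gets `trusted_config = FALSE`.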