From 90b6341f7282beed1175e942a113c30c212425c9 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 16 Dec 2010 22:29:53 +0000 Subject: Turn TRUSTED_CONFIG_PREFIX_LIST into TRUSTED_CONFIG_LIST. No prefix or regexes --- src/src/EDITME | 15 +++++++-------- src/src/config.h.defaults | 2 +- src/src/exim.c | 34 ++++++++++++++++------------------ 3 files changed, 24 insertions(+), 27 deletions(-) (limited to 'src') diff --git a/src/src/EDITME b/src/src/EDITME index ade6a7cf0..1bb60be21 100644 --- a/src/src/EDITME +++ b/src/src/EDITME @@ -476,14 +476,13 @@ FIXED_NEVER_USERS=root # When a user other than root uses the -C option to override the configuration # file (including the Exim user when re-executing Exim to regain root # privileges for local message delivery), this will normally cause Exim to -# drop root privileges. The TRUSTED_CONFIG_PREFIX_LIST option, specifies -# a file which contains a list of trusted configuration prefixes (like the -# ALT_CONFIG_PREFIX above), one per line. If the -C option is used by the Exim -# user or by the user specified in the CONFIGURE_OWNER setting, to specify a -# configuration file which matches a trusted prefix, root privileges are not -# dropped by Exim. - -# TRUSTED_CONFIG_PREFIX_LIST=/usr/exim/trusted_configs +# drop root privileges. The TRUSTED_CONFIG_LIST option, specifies a file which +# contains a list of trusted configuration filenames, one per line. If the -C +# option is used by the Exim user or by the user specified in the +# CONFIGURE_OWNER setting, to specify a configuration file which is listed in +# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim. + +# TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs #------------------------------------------------------------------------------ diff --git a/src/src/config.h.defaults b/src/src/config.h.defaults index b4e2c6d9c..5cff6ad5f 100644 --- a/src/src/config.h.defaults +++ b/src/src/config.h.defaults 
@@ -13,7 +13,7 @@ in config.h unless some value is defined in Local/Makefile. If there is data, it's a default value. */ #define ALT_CONFIG_PREFIX -#define TRUSTED_CONFIG_PREFIX_LIST +#define TRUSTED_CONFIG_LIST #define APPENDFILE_MODE 0600 #define APPENDFILE_DIRECTORY_MODE 0700 diff --git a/src/src/exim.c b/src/src/exim.c index d50672151..dce42f0c4 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -1971,17 +1971,17 @@ for (i = 1; i < argc; i++) #endif if (real_uid != root_uid) { - #ifdef TRUSTED_CONFIG_PREFIX_LIST + #ifdef TRUSTED_CONFIG_LIST - if ((real_uid != exim_uid - #ifdef CONFIGURE_OWNER - && real_uid != config_uid - #endif - ) || Ustrstr(argrest, "/../")) + if (real_uid != exim_uid + #ifdef CONFIGURE_OWNER + && real_uid != config_uid + #endif + ) trusted_config = FALSE; else { - FILE *trust_list = Ufopen(TRUSTED_CONFIG_PREFIX_LIST, "rb"); + FILE *trust_list = Ufopen(TRUSTED_CONFIG_LIST, "rb"); if (trust_list) { struct stat statbuf; @@ -2007,8 +2007,8 @@ for (i = 1; i < argc; i++) { /* Well, the trust list at least is up to scratch... */ void *reset_point = store_get(0); - uschar *trusted_prefixes[32]; - int nr_prefixes = 0; + uschar *trusted_configs[32]; + int nr_configs = 0; int i = 0; while (Ufgets(big_buffer, big_buffer_size, trust_list)) @@ -2021,13 +2021,13 @@ for (i = 1; i < argc; i++) nl = Ustrchr(start, '\n'); if (nl) *nl = 0; - trusted_prefixes[nr_prefixes++] = string_copy(start); - if (nr_prefixes == 32) + trusted_configs[nr_configs++] = string_copy(start); + if (nr_configs == 32) break; } fclose(trust_list); - if (nr_prefixes) + if (nr_configs) { int sep = 0; uschar *list = argrest; 
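Review bot: Nothing at the `#ifdef TRUSTED_CONFIG_LIST` test records why the `Ustrstr(argrest, "/../")` rejection could be dropped from the uid condition in the @@ -1971 hunk. Dropping it is safe only because the later comparison is now a whole-string match against the list, so a name containing `/../` is trusted only if it is listed verbatim. I would add a comment such as `/* No "/../" test needed: -C names must equal a TRUSTED_CONFIG_LIST entry exactly. */`, so that the test is restored if prefix matching ever comes back. The block this condition opens continues past the end of the hunk.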
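Review bot: The capacity `32` in `uschar *trusted_configs[32];` (hunk @@ -2007) is a bare literal repeated in the `if (nr_configs == 32) break;` test of the next hunk (@@ -2021), and a list with more entries is cut off with no indication. The failure is on the safe side, since an unlisted file only loses root, but the administrator gets no hint why a later entry is ignored. Deriving the bound from the array, e.g. `if (nr_configs == (int)(sizeof(trusted_configs)/sizeof(trusted_configs[0]))) break;`, and stating the limit in the EDITME text would keep the two in step. The surrounding block starts and ends outside this hunk.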
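Review bot: With matching now exact, the line clean-up around `nl = Ustrchr(start, '\n'); if (nl) *nl = 0;` in the @@ -2021 hunk decides whether an entry can ever match, and in the visible lines only the newline is removed. A trailing space or a CR left by an editor would stay in the `string_copy(start)` result and leave that entry silently unmatched. How `start` is computed lies above the hunk, so leading whitespace may already be handled there. Trimming trailing whitespace before the copy, or documenting that entries must carry no trailing characters, would avoid a hard-to-diagnose loss of privilege.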
@@ -2035,14 +2035,12 @@ for (i = 1; i < argc; i++) while (trusted_config && (filename = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)) != NULL) { - for (i=0; i < nr_prefixes; i++) + for (i=0; i < nr_configs; i++) { - int len = Ustrlen(trusted_prefixes[i]); - if (Ustrlen(filename) >= len && - Ustrncmp(filename, trusted_prefixes[i], len) == 0) + if (Ustrcmp(filename, trusted_configs[i]) == 0) break; } - if (i == nr_prefixes) + if (i == nr_configs) { trusted_config = FALSE; break; @@ -3487,7 +3485,7 @@ if (removed_privilege && (!trusted_config || macros != NULL) && else log_write(0, LOG_MAIN|LOG_PANIC, "exim user lost privilege for using %s option", - (int)exim_uid, trusted_config? "-D" : "-C"); + trusted_config? "-D" : "-C"); } /* Start up Perl interpreter if Perl support is configured and there is a -- cgit v1.2.3
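Review bot: The `Ustrcmp(filename, trusted_configs[i]) == 0` test in the @@ -2035 hunk trusts a configuration purely by its path string, so the guarantee rests on every listed file and each directory above it being writable only by root, and nothing in this hunk checks that. A comment at the comparison would record the assumption, for example `/* Exact name match only: listed files and their parent directories must not be writable by the Exim or CONFIGURE_OWNER user. */`, and the EDITME paragraph could state the same requirement. The enclosing `while` loop and block continue outside the hunk, so a later ownership check on the file itself may exist but is not visible here.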
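Review bot: The argument/format mismatch corrected in this `log_write()` call (hunk @@ -3487) is the kind of error a printf-style format attribute on the declaration would let the compiler report. The prototype of `log_write` is not on this page, so this is conditional. If the prototype has no such annotation, adding one, guarded for compilers that do not support it, would catch a stray argument like the removed `(int)exim_uid` at build time.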