[packages/exim.git] / exim-commandline_checks_require_admin.patch

commit f33875c3a0a0ef03a2e53cfcd339791b793151f0
Author: Phil Pennock <pdp@exim.org>
Date:   Tue May 9 16:00:58 2017 -0400

    Add option commandline_checks_require_admin
    
    May help with scenarios already so broken that bug report 2118 is
    actually an issue (Wordpress vuln).

diff --git a/src/src/exim.c b/src/src/exim.c
index dcc84e3d..67583e58 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -3868,6 +3868,14 @@ else
           trusted_caller = TRUE;
   }
 
+/* At this point, we know if the user is privileged and some command-line
+options become possibly imperssible, depending upon the configuration file. */
+
+if (checking && commandline_checks_require_admin && !admin_user) {
+  fprintf(stderr, "exim: those command-line flags are set to require admin\n");
+  exit(EXIT_FAILURE);
+}
+
 /* Handle the decoding of logging options. */
 
 decode_bits(log_selector, log_selector_size, log_notall,
diff --git a/src/src/globals.c b/src/src/globals.c
index 46db4f37..9b455c9d 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -511,6 +511,7 @@ uschar *client_authenticated_id = NULL;
 uschar *client_authenticated_sender = NULL;
 int     clmacro_count          = 0;
 uschar *clmacros[MAX_CLMACROS];
+BOOL    commandline_checks_require_admin = FALSE;
 BOOL    config_changed         = FALSE;
 FILE   *config_file            = NULL;
 const uschar *config_filename  = NULL;
diff --git a/src/src/globals.h b/src/src/globals.h
index 63c9c29c..056f1c21 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -282,6 +282,7 @@ extern uschar *client_authenticated_id;     /* "login" name used for SMTP AUTH *
 extern uschar *client_authenticated_sender; /* AUTH option to SMTP MAIL FROM (not yet used) */
 extern int     clmacro_count;          /* Number of command line macros */
 extern uschar *clmacros[];             /* Copy of them, for re-exec */
+extern BOOL    commandline_checks_require_admin; /* belt and braces for insecure setups */
 extern int     connection_max_messages;/* Max down one SMTP connection */
 extern BOOL    config_changed;         /* True if -C used */
 extern FILE   *config_file;            /* Configuration file */
diff --git a/src/src/readconf.c b/src/src/readconf.c
index f43a3d16..95abaf5b 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -217,6 +217,7 @@ static optionlist optionlist_config[] = {
   { "check_spool_inodes",       opt_int,         &check_spool_inodes },
   { "check_spool_space",        opt_Kint,        &check_spool_space },
   { "chunking_advertise_hosts", opt_stringptr,	 &chunking_advertise_hosts },
+  { "commandline_checks_require_admin", opt_bool,&commandline_checks_require_admin },
   { "daemon_smtp_port",         opt_stringptr|opt_hidden, &daemon_smtp_port },
   { "daemon_smtp_ports",        opt_stringptr,   &daemon_smtp_port },
   { "daemon_startup_retries",   opt_int,         &daemon_startup_retries },
Commit	Line	Data
64e9b16f AM	1	commit f33875c3a0a0ef03a2e53cfcd339791b793151f0
	2	Author: Phil Pennock <pdp@exim.org>
	3	Date: Tue May 9 16:00:58 2017 -0400
	4
	5	Add option commandline_checks_require_admin
	6
	7	May help with scenarios already so broken that bug report 2118 is
	8	actually an issue (Wordpress vuln).
	9
	10	diff --git a/src/src/exim.c b/src/src/exim.c
	11	index dcc84e3d..67583e58 100644
	12	--- a/src/src/exim.c
	13	+++ b/src/src/exim.c
	14	@@ -3868,6 +3868,14 @@ else
	15	trusted_caller = TRUE;
	16	}
	17
	18	+/* At this point, we know if the user is privileged and some command-line
	19	+options become possibly imperssible, depending upon the configuration file. */
	20	+
	21	+if (checking && commandline_checks_require_admin && !admin_user) {
	22	+ fprintf(stderr, "exim: those command-line flags are set to require admin\n");
	23	+ exit(EXIT_FAILURE);
	24	+}
	25	+
	26	/* Handle the decoding of logging options. */
	27
	28	decode_bits(log_selector, log_selector_size, log_notall,
	29	diff --git a/src/src/globals.c b/src/src/globals.c
	30	index 46db4f37..9b455c9d 100644
	31	--- a/src/src/globals.c
	32	+++ b/src/src/globals.c
	33	@@ -511,6 +511,7 @@ uschar *client_authenticated_id = NULL;
	34	uschar *client_authenticated_sender = NULL;
	35	int clmacro_count = 0;
	36	uschar *clmacros[MAX_CLMACROS];
	37	+BOOL commandline_checks_require_admin = FALSE;
	38	BOOL config_changed = FALSE;
	39	FILE *config_file = NULL;
	40	const uschar *config_filename = NULL;
	41	diff --git a/src/src/globals.h b/src/src/globals.h
	42	index 63c9c29c..056f1c21 100644
	43	--- a/src/src/globals.h
	44	+++ b/src/src/globals.h
	45	@@ -282,6 +282,7 @@ extern uschar client_authenticated_id; / "login" name used for SMTP AUTH *
	46	extern uschar client_authenticated_sender; / AUTH option to SMTP MAIL FROM (not yet used) */
	47	extern int clmacro_count; /* Number of command line macros */
	48	extern uschar clmacros[]; / Copy of them, for re-exec */
	49	+extern BOOL commandline_checks_require_admin; /* belt and braces for insecure setups */
	50	extern int connection_max_messages;/* Max down one SMTP connection */
	51	extern BOOL config_changed; /* True if -C used */
	52	extern FILE config_file; / Configuration file */
	53	diff --git a/src/src/readconf.c b/src/src/readconf.c
	54	index f43a3d16..95abaf5b 100644
	55	--- a/src/src/readconf.c
	56	+++ b/src/src/readconf.c
	57	@@ -217,6 +217,7 @@ static optionlist optionlist_config[] = {
	58	{ "check_spool_inodes", opt_int, &check_spool_inodes },
	59	{ "check_spool_space", opt_Kint, &check_spool_space },
	60	{ "chunking_advertise_hosts", opt_stringptr, &chunking_advertise_hosts },
	61	+ { "commandline_checks_require_admin", opt_bool,&commandline_checks_require_admin },
	62	{ "daemon_smtp_port", opt_stringptr\|opt_hidden, &daemon_smtp_port },
	63	{ "daemon_smtp_ports", opt_stringptr, &daemon_smtp_port },
	64	{ "daemon_startup_retries", opt_int, &daemon_startup_retries },