]>
Commit | Line | Data |
---|---|---|
64e9b16f AM |
1 | commit f33875c3a0a0ef03a2e53cfcd339791b793151f0 |
2 | Author: Phil Pennock <pdp@exim.org> | |
3 | Date: Tue May 9 16:00:58 2017 -0400 | |
4 | ||
5 | Add option commandline_checks_require_admin | |
6 | ||
7 | May help with scenarios already so broken that bug report 2118 is | |
8 | actually an issue (Wordpress vuln). | |
9 | ||
10 | diff --git a/src/src/exim.c b/src/src/exim.c | |
11 | index dcc84e3d..67583e58 100644 | |
12 | --- a/src/src/exim.c | |
13 | +++ b/src/src/exim.c | |
14 | @@ -3868,6 +3868,14 @@ else | |
15 | trusted_caller = TRUE; | |
16 | } | |
17 | ||
18 | +/* At this point, we know if the user is privileged and some command-line | |
19 | +options become possibly imperssible, depending upon the configuration file. */ | |
20 | + | |
21 | +if (checking && commandline_checks_require_admin && !admin_user) { | |
22 | + fprintf(stderr, "exim: those command-line flags are set to require admin\n"); | |
23 | + exit(EXIT_FAILURE); | |
24 | +} | |
25 | + | |
26 | /* Handle the decoding of logging options. */ | |
27 | ||
28 | decode_bits(log_selector, log_selector_size, log_notall, | |
29 | diff --git a/src/src/globals.c b/src/src/globals.c | |
30 | index 46db4f37..9b455c9d 100644 | |
31 | --- a/src/src/globals.c | |
32 | +++ b/src/src/globals.c | |
33 | @@ -511,6 +511,7 @@ uschar *client_authenticated_id = NULL; | |
34 | uschar *client_authenticated_sender = NULL; | |
35 | int clmacro_count = 0; | |
36 | uschar *clmacros[MAX_CLMACROS]; | |
37 | +BOOL commandline_checks_require_admin = FALSE; | |
38 | BOOL config_changed = FALSE; | |
39 | FILE *config_file = NULL; | |
40 | const uschar *config_filename = NULL; | |
41 | diff --git a/src/src/globals.h b/src/src/globals.h | |
42 | index 63c9c29c..056f1c21 100644 | |
43 | --- a/src/src/globals.h | |
44 | +++ b/src/src/globals.h | |
45 | @@ -282,6 +282,7 @@ extern uschar *client_authenticated_id; /* "login" name used for SMTP AUTH * | |
46 | extern uschar *client_authenticated_sender; /* AUTH option to SMTP MAIL FROM (not yet used) */ | |
47 | extern int clmacro_count; /* Number of command line macros */ | |
48 | extern uschar *clmacros[]; /* Copy of them, for re-exec */ | |
49 | +extern BOOL commandline_checks_require_admin; /* belt and braces for insecure setups */ | |
50 | extern int connection_max_messages;/* Max down one SMTP connection */ | |
51 | extern BOOL config_changed; /* True if -C used */ | |
52 | extern FILE *config_file; /* Configuration file */ | |
53 | diff --git a/src/src/readconf.c b/src/src/readconf.c | |
54 | index f43a3d16..95abaf5b 100644 | |
55 | --- a/src/src/readconf.c | |
56 | +++ b/src/src/readconf.c | |
57 | @@ -217,6 +217,7 @@ static optionlist optionlist_config[] = { | |
58 | { "check_spool_inodes", opt_int, &check_spool_inodes }, | |
59 | { "check_spool_space", opt_Kint, &check_spool_space }, | |
60 | { "chunking_advertise_hosts", opt_stringptr, &chunking_advertise_hosts }, | |
61 | + { "commandline_checks_require_admin", opt_bool,&commandline_checks_require_admin }, | |
62 | { "daemon_smtp_port", opt_stringptr|opt_hidden, &daemon_smtp_port }, | |
63 | { "daemon_smtp_ports", opt_stringptr, &daemon_smtp_port }, | |
64 | { "daemon_startup_retries", opt_int, &daemon_startup_retries }, |