- rel 2; backport commandline_checks_require_admin option (workaround for holes like...

diff --git a/exim-commandline_checks_require_admin.patch b/exim-commandline_checks_require_admin.patch
new file mode 100644 (file)
index 0000000..c0d5f73
--- /dev/null
+++ b/exim-commandline_checks_require_admin.patch
@@ -0,0 +1,64 @@
+commit f33875c3a0a0ef03a2e53cfcd339791b793151f0
+Author: Phil Pennock <pdp@exim.org>
+Date:   Tue May 9 16:00:58 2017 -0400
+
+    Add option commandline_checks_require_admin
+    
+    May help with scenarios already so broken that bug report 2118 is
+    actually an issue (Wordpress vuln).
+
+diff --git a/src/src/exim.c b/src/src/exim.c
+index dcc84e3d..67583e58 100644
+--- a/src/src/exim.c
++++ b/src/src/exim.c
+@@ -3868,6 +3868,14 @@ else
+           trusted_caller = TRUE;
+   }
+ 
++/* At this point, we know if the user is privileged and some command-line
++options become possibly imperssible, depending upon the configuration file. */
++
++if (checking && commandline_checks_require_admin && !admin_user) {
++  fprintf(stderr, "exim: those command-line flags are set to require admin\n");
++  exit(EXIT_FAILURE);
++}
++
+ /* Handle the decoding of logging options. */
+ 
+ decode_bits(log_selector, log_selector_size, log_notall,
+diff --git a/src/src/globals.c b/src/src/globals.c
+index 46db4f37..9b455c9d 100644
+--- a/src/src/globals.c
++++ b/src/src/globals.c
+@@ -511,6 +511,7 @@ uschar *client_authenticated_id = NULL;
+ uschar *client_authenticated_sender = NULL;
+ int     clmacro_count          = 0;
+ uschar *clmacros[MAX_CLMACROS];
++BOOL    commandline_checks_require_admin = FALSE;
+ BOOL    config_changed         = FALSE;
+ FILE   *config_file            = NULL;
+ const uschar *config_filename  = NULL;
+diff --git a/src/src/globals.h b/src/src/globals.h
+index 63c9c29c..056f1c21 100644
+--- a/src/src/globals.h
++++ b/src/src/globals.h
+@@ -282,6 +282,7 @@ extern uschar *client_authenticated_id;     /* "login" name used for SMTP AUTH *
+ extern uschar *client_authenticated_sender; /* AUTH option to SMTP MAIL FROM (not yet used) */
+ extern int     clmacro_count;          /* Number of command line macros */
+ extern uschar *clmacros[];             /* Copy of them, for re-exec */
++extern BOOL    commandline_checks_require_admin; /* belt and braces for insecure setups */
+ extern int     connection_max_messages;/* Max down one SMTP connection */
+ extern BOOL    config_changed;         /* True if -C used */
+ extern FILE   *config_file;            /* Configuration file */
+diff --git a/src/src/readconf.c b/src/src/readconf.c
+index f43a3d16..95abaf5b 100644
+--- a/src/src/readconf.c
++++ b/src/src/readconf.c
+@@ -217,6 +217,7 @@ static optionlist optionlist_config[] = {
+   { "check_spool_inodes",       opt_int,         &check_spool_inodes },
+   { "check_spool_space",        opt_Kint,        &check_spool_space },
+   { "chunking_advertise_hosts", opt_stringptr,         &chunking_advertise_hosts },
++  { "commandline_checks_require_admin", opt_bool,&commandline_checks_require_admin },
+   { "daemon_smtp_port",         opt_stringptr|opt_hidden, &daemon_smtp_port },
+   { "daemon_smtp_ports",        opt_stringptr,   &daemon_smtp_port },
+   { "daemon_startup_retries",   opt_int,         &daemon_startup_retries },