From 64e9b16f3fdcec87fd70eba6a1b95791c00f5ca9 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= Date: Wed, 10 May 2017 08:19:43 +0200 Subject: [PATCH] - rel 2; backport commandline_checks_require_admin option (workaround for holes like last one in wordpress) --- exim-commandline_checks_require_admin.patch | 64 +++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 exim-commandline_checks_require_admin.patch diff --git a/exim-commandline_checks_require_admin.patch b/exim-commandline_checks_require_admin.patch new file mode 100644 index 0000000..c0d5f73 --- /dev/null +++ b/exim-commandline_checks_require_admin.patch @@ -0,0 +1,64 @@ +commit f33875c3a0a0ef03a2e53cfcd339791b793151f0 +Author: Phil Pennock +Date: Tue May 9 16:00:58 2017 -0400 + + Add option commandline_checks_require_admin + + May help with scenarios already so broken that bug report 2118 is + actually an issue (Wordpress vuln). + +diff --git a/src/src/exim.c b/src/src/exim.c +index dcc84e3d..67583e58 100644 +--- a/src/src/exim.c ++++ b/src/src/exim.c +@@ -3868,6 +3868,14 @@ else + trusted_caller = TRUE; + } + ++/* At this point, we know if the user is privileged and some command-line ++options become possibly imperssible, depending upon the configuration file. */ ++ ++if (checking && commandline_checks_require_admin && !admin_user) { ++ fprintf(stderr, "exim: those command-line flags are set to require admin\n"); ++ exit(EXIT_FAILURE); ++} ++ + /* Handle the decoding of logging options. */ + + decode_bits(log_selector, log_selector_size, log_notall, +diff --git a/src/src/globals.c b/src/src/globals.c +index 46db4f37..9b455c9d 100644 +--- a/src/src/globals.c ++++ b/src/src/globals.c +@@ -511,6 +511,7 @@ uschar *client_authenticated_id = NULL; + uschar *client_authenticated_sender = NULL; + int clmacro_count = 0; + uschar *clmacros[MAX_CLMACROS]; ++BOOL commandline_checks_require_admin = FALSE; + BOOL config_changed = FALSE; + FILE *config_file = NULL; + const uschar *config_filename = NULL; +diff --git a/src/src/globals.h b/src/src/globals.h +index 63c9c29c..056f1c21 100644 +--- a/src/src/globals.h ++++ b/src/src/globals.h +@@ -282,6 +282,7 @@ extern uschar *client_authenticated_id; /* "login" name used for SMTP AUTH * + extern uschar *client_authenticated_sender; /* AUTH option to SMTP MAIL FROM (not yet used) */ + extern int clmacro_count; /* Number of command line macros */ + extern uschar *clmacros[]; /* Copy of them, for re-exec */ ++extern BOOL commandline_checks_require_admin; /* belt and braces for insecure setups */ + extern int connection_max_messages;/* Max down one SMTP connection */ + extern BOOL config_changed; /* True if -C used */ + extern FILE *config_file; /* Configuration file */ +diff --git a/src/src/readconf.c b/src/src/readconf.c +index f43a3d16..95abaf5b 100644 +--- a/src/src/readconf.c ++++ b/src/src/readconf.c +@@ -217,6 +217,7 @@ static optionlist optionlist_config[] = { + { "check_spool_inodes", opt_int, &check_spool_inodes }, + { "check_spool_space", opt_Kint, &check_spool_space }, + { "chunking_advertise_hosts", opt_stringptr, &chunking_advertise_hosts }, ++ { "commandline_checks_require_admin", opt_bool,&commandline_checks_require_admin }, + { "daemon_smtp_port", opt_stringptr|opt_hidden, &daemon_smtp_port }, + { "daemon_smtp_ports", opt_stringptr, &daemon_smtp_port }, + { "daemon_startup_retries", opt_int, &daemon_startup_retries }, -- 2.44.0