diff options
Diffstat (limited to 'debian/patches/75_23-Do-not-close-the-main-_log-if-we-do-not-see-a-chance.patch')
| -rw-r--r-- | debian/patches/75_23-Do-not-close-the-main-_log-if-we-do-not-see-a-chance.patch | 166 |
1 files changed, 166 insertions, 0 deletions
diff --git a/debian/patches/75_23-Do-not-close-the-main-_log-if-we-do-not-see-a-chance.patch b/debian/patches/75_23-Do-not-close-the-main-_log-if-we-do-not-see-a-chance.patch new file mode 100644 index 0000000..12d9163 --- /dev/null +++ b/debian/patches/75_23-Do-not-close-the-main-_log-if-we-do-not-see-a-chance.patch @@ -0,0 +1,166 @@ +From 235c7030ee9ee1c1aad507786506a470b580bfe2 Mon Sep 17 00:00:00 2001 +From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de> +Date: Fri, 23 Apr 2021 22:41:57 +0200 +Subject: [PATCH 23/23] Do not close the (main)_log, if we do not see a chance + to open it again. + +The process doing local deliveries runs as an unprivileged user. If this +process needs to log failures or warnings (as caused by the +is_tainting2() function), it can't re-open the main_log and just exits. +--- + src/log.c | 84 ++++++++++++++++----------------- + src/transports/appendfile.c | 6 +++ + 2 files changed, 47 insertions(+), 43 deletions(-) + +diff --git a/src/log.c b/src/log.c +index 7ef7074ec..c2ef698e7 100644 +--- a/src/log.c ++++ b/src/log.c +@@ -646,18 +646,36 @@ return total_written; + } + + +- +-static void +-set_file_path(void) ++void ++set_file_path(BOOL *multiple) + { ++uschar *s; + int sep = ':'; /* Fixed separator - outside use */ +-uschar *t; +-const uschar *tt = US LOG_FILE_PATH; +-while ((t = string_nextinlist(&tt, &sep, log_buffer, LOG_BUFFER_SIZE))) ++uschar *ss = *log_file_path ? log_file_path : LOG_FILE_PATH; ++ ++logging_mode = 0; ++while ((s = string_nextinlist(&ss, &sep, log_buffer, LOG_BUFFER_SIZE))) + { +- if (Ustrcmp(t, "syslog") == 0 || t[0] == 0) continue; +- file_path = string_copy(t); +- break; ++ if (Ustrcmp(s, "syslog") == 0) ++ logging_mode |= LOG_MODE_SYSLOG; ++ else if (logging_mode & LOG_MODE_FILE) /* we know a file already */ ++ { ++ if (multiple) *multiple = TRUE; ++ } ++ else ++ { ++ logging_mode |= LOG_MODE_FILE; ++ ++ /* If a non-empty path is given, use it */ ++ ++ if (*s) ++ file_path = string_copy(s); ++ ++ /* If the path is empty, we want to use the first non-empty, non- ++ syslog item in LOG_FILE_PATH, if there is one, since the value of ++ log_file_path may have been set at runtime. If there is no such item, ++ use the ultimate default in the spool directory. */ ++ } + } + } + +@@ -665,7 +683,11 @@ while ((t = string_nextinlist(&tt, &sep, log_buffer, LOG_BUFFER_SIZE))) + void + mainlog_close(void) + { +-if (mainlogfd < 0) return; ++/* avoid closing it if it is closed already or if we do not see a chance ++to open the file mainlog later again */ ++if (mainlogfd < 0 /* already closed */ ++ || !(geteuid() == 0 || geteuid() == exim_uid)) ++ return; + (void)close(mainlogfd); + mainlogfd = -1; + mainlog_inode = 0; +@@ -780,38 +802,7 @@ if (!path_inspected) + /* If nothing has been set, don't waste effort... the default values for the + statics are file_path="" and logging_mode = LOG_MODE_FILE. */ + +- if (*log_file_path) +- { +- int sep = ':'; /* Fixed separator - outside use */ +- uschar *s; +- const uschar *ss = log_file_path; +- +- logging_mode = 0; +- while ((s = string_nextinlist(&ss, &sep, log_buffer, LOG_BUFFER_SIZE))) +- { +- if (Ustrcmp(s, "syslog") == 0) +- logging_mode |= LOG_MODE_SYSLOG; +- else if (logging_mode & LOG_MODE_FILE) +- multiple = TRUE; +- else +- { +- logging_mode |= LOG_MODE_FILE; +- +- /* If a non-empty path is given, use it */ +- +- if (*s) +- file_path = string_copy(s); +- +- /* If the path is empty, we want to use the first non-empty, non- +- syslog item in LOG_FILE_PATH, if there is one, since the value of +- log_file_path may have been set at runtime. If there is no such item, +- use the ultimate default in the spool directory. */ +- +- else +- set_file_path(); /* Empty item in log_file_path */ +- } /* First non-syslog item in log_file_path */ +- } /* Scan of log_file_path */ +- } ++ if (*log_file_path) set_file_path(&multiple); + + /* If no modes have been selected, it is a major disaster */ + +@@ -1431,7 +1422,7 @@ if (opts) + resulting in certain setup not having been done. Hack this for now so we + do not segfault; note that nondefault log locations will not work */ + +-if (!*file_path) set_file_path(); ++if (!*file_path) set_file_path(NULL); + + open_log(&fd, lt_debug, tag_name); + +@@ -1453,5 +1444,12 @@ debug_file = NULL; + unlink_log(lt_debug); + } + ++void ++open_logs(const char *m) ++{ ++set_file_path(NULL); ++open_log(&mainlogfd, lt_main, 0); ++open_log(&rejectlogfd, lt_reject, 0); ++} + + /* End of log.c */ +diff --git a/src/transports/appendfile.c b/src/transports/appendfile.c +index 6772b338b..706af6dde 100644 +--- a/src/transports/appendfile.c ++++ b/src/transports/appendfile.c +@@ -217,6 +217,9 @@ Arguments: + Returns: OK, FAIL, or DEFER + */ + ++void ++openlogs(); ++ + static int + appendfile_transport_setup(transport_instance *tblock, address_item *addrlist, + transport_feedback *dummy, uid_t uid, gid_t gid, uschar **errmsg) +@@ -231,6 +234,9 @@ dummy = dummy; + uid = uid; + gid = gid; + ++/* we can't wait until we're not privileged anymore */ ++open_logs("appendfile"); ++ + if (ob->expand_maildir_use_size_file) + ob->maildir_use_size_file = expand_check_condition(ob->expand_maildir_use_size_file, + US"`maildir_use_size_file` in transport", tblock->name); +-- +2.30.2 + |