-. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.75 2010/06/05 09:10:08 pdp Exp $
+. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.76 2010/06/05 10:04:43 pdp Exp $
.
. /////////////////////////////////////////////////////////////////////////////
. This is the primary source of the Exim Manual. It is an xfpt document that is
apply to a command specified as a transport filter.
+.option permit_coredump pipe boolean false
+Normally Exim inhibits core-dumps during delivery. If you have a need to get
+a core-dump of a pipe command, enable this command. This enables core-dumps
+during delivery and affects both the Exim binary and the pipe command run.
+It is recommended that this option remain off unless and until you have a need
+for it and that this only be enabled when needed, as the risk of excessive
+resource consumption can be quite high. Note also that Exim is typically
+installed as a setuid binary and most operating systems will inhibit coredumps
+of these by default, so further OS-specific action may be required.
+
+
.option pipe_as_creator pipe boolean false
.cindex "uid (user id)" "local delivery"
If the generic &%user%& option is not set and this option is true, the delivery
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.617 2010/06/05 09:10:09 pdp Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.618 2010/06/05 10:04:43 pdp Exp $
Change log file for Exim from version 4.21
-------------------------------------------
PP/03 Bugzilla 994: added openssl_options main configuration option.
+PP/04 Bugzilla 995: provide better SSL diagnostics on failed reads.
+
+PP/05 Bugzilla 834: provide a permit_codedump option for pipe transports.
+
Exim version 4.72
-----------------
-$Cambridge: exim/doc/doc-txt/NewStuff,v 1.166 2010/06/05 09:10:09 pdp Exp $
+$Cambridge: exim/doc/doc-txt/NewStuff,v 1.167 2010/06/05 10:04:43 pdp Exp $
New Features in Exim
--------------------
consequences for certain options, so these should not be changed
frivolously.
+ 2. A new pipe transport option, "permit_coredumps", may help with problem
+ diagnosis in some scenarios. Note that Exim is typically installed as
+ a setuid binary, which on most OSes will inhibit coredumps by default,
+ so that safety mechanism would have to be overriden for this option to
+ be able to take effect.
+
Version 4.72
------------
-/* $Cambridge: exim/src/src/deliver.c,v 1.47 2009/11/16 19:50:36 nm4 Exp $ */
+/* $Cambridge: exim/src/src/deliver.c,v 1.48 2010/06/05 10:04:44 pdp Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
HP-UX doesn't have RLIMIT_CORE; I don't know how to do this in that
system. Some experimental/developing systems (e.g. GNU/Hurd) may define
RLIMIT_CORE but not support it in setrlimit(). For such systems, do not
- complain if the error is "not supported". */
+ complain if the error is "not supported".
+
+ There are two scenarios where changing the max limit has an effect. In one,
+ the user is using a .forward and invoking a command of their choice via pipe;
+ for these, we do need the max limit to be 0 unless the admin chooses to
+ permit an increased limit. In the other, the command is invoked directly by
+ the transport and is under administrator control, thus being able to raise
+ the limit aids in debugging. So there's no general always-right answer.
+
+ Thus we inhibit core-dumps completely but let individual transports, while
+ still root, re-raise the limits back up to aid debugging. We make the
+ default be no core-dumps -- few enough people can use core dumps in
+ diagnosis that it's reasonable to make them something that has to be explicitly requested.
+ */
#ifdef RLIMIT_CORE
struct rlimit rl;
-/* $Cambridge: exim/src/src/transports/pipe.c,v 1.14 2009/11/16 19:50:39 nm4 Exp $ */
+/* $Cambridge: exim/src/src/transports/pipe.c,v 1.15 2010/06/05 10:04:44 pdp Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
(void *)offsetof(pipe_transport_options_block, message_suffix) },
{ "path", opt_stringptr,
(void *)offsetof(pipe_transport_options_block, path) },
+ { "permit_coredump", opt_bool,
+ (void *)offsetof(pipe_transport_options_block, permit_coredump) },
{ "pipe_as_creator", opt_bool | opt_public,
(void *)offsetof(transport_instance, deliver_as_creator) },
{ "restrict_to_path", opt_bool,
0, /* options */
FALSE, /* freeze_exec_fail */
FALSE, /* ignore_status */
+ FALSE, /* permit_coredump */
FALSE, /* restrict_to_path */
FALSE, /* timeout_defer */
FALSE, /* use_shell */
/* Called for each delivery in the privileged state, just before the uid/gid
are changed and the main entry point is called. In a system that supports the
login_cap facilities, this function is used to set the class resource limits
-for the user.
+for the user. It may also re-enable coredumps.
Arguments:
tblock points to the transport instance
}
#endif
+#ifdef RLIMIT_CORE
+if (ob->permit_coredump)
+ {
+ struct rlimit rl;
+ rl.rlim_cur = RLIM_INFINITY;
+ rl.rlim_max = RLIM_INFINITY;
+ if (setrlimit(RLIMIT_CORE, &rl) < 0)
+ {
+#ifdef SETRLIMIT_NOT_SUPPORTED
+ if (errno != ENOSYS && errno != ENOTSUP)
+#endif
+ log_write(0, LOG_MAIN,
+ "delivery setrlimit(RLIMIT_CORE, RLIMI_INFINITY) failed: %s",
+ strerror(errno));
+ }
+ }
+#endif
+
return OK;
}
-/* $Cambridge: exim/src/src/transports/pipe.h,v 1.7 2009/11/16 19:56:54 nm4 Exp $ */
+/* $Cambridge: exim/src/src/transports/pipe.h,v 1.8 2010/06/05 10:04:44 pdp Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
int options;
BOOL freeze_exec_fail;
BOOL ignore_status;
+ BOOL permit_coredump;
BOOL restrict_to_path;
BOOL timeout_defer;
BOOL use_shell;
projects / exim.git / commitdiff