Disable SIGUSR1 for all non-exim subprocesses run from Exim (previously,

only the queryprogram case handled this right).

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index f57ab6c3fba51e1ccc6733f74e1d045ee091fb7b..17264e69d14fee387c7af1b28f8cec18209b9d00 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.5 2004/10/14 14:52:45 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.6 2004/10/15 13:21:21 ph10 Exp $

 
 Change log file for Exim from version 4.21
 -------------------------------------------
 
 Change log file for Exim from version 4.21
 -------------------------------------------


@@ -19,6 +19,12 @@ Exim version 4.44
  4. Give more explanation in the error message when the command for a transport
     filter fails to execute.
 
  4. Give more explanation in the error message when the command for a transport
     filter fails to execute.
 

+ 5. There are several places where Exim runs a non-Exim command in a
+    subprocess. The SIGUSR1 signal should be disabled for these processes. This
+    was being done only for the command run by the queryprogram router. It is
+    now done for all such subprocesses. The other cases are: ${run, transport
+    filters, and the commands run by the lmtp and pipe transports.
+

 
 Exim version 4.43
 -----------------
 
 Exim version 4.43
 -----------------

diff --git a/src/src/child.c b/src/src/child.c
index 1c48a4e4c845792bbb95ce595500d701502406ef..cf426e465001b75b803978b3d19c165fb35938a0 100644 (file)
--- a/src/src/child.c
+++ b/src/src/child.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/child.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */
+/* $Cambridge: exim/src/src/child.c,v 1.2 2004/10/15 13:21:21 ph10 Exp $ */

 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *


@@ -247,7 +247,9 @@ them to the caller. The standard error is cloned to the output. If there are
 any file descriptors "in the way" in the new process, they are closed. A new
 umask is supplied for the process, and an optional new uid and gid are also
 available. These are used by the queryprogram router to set an unprivileged id.
 any file descriptors "in the way" in the new process, they are closed. A new
 umask is supplied for the process, and an optional new uid and gid are also
 available. These are used by the queryprogram router to set an unprivileged id.

-The function returns the pid of the new process, or -1 if things go wrong.
+SIGUSR1 is always disabled in the new process, as it is not going to be running
+Exim (the function child_open_exim() is provided for that). This function
+returns the pid of the new process, or -1 if things go wrong.

 
 Arguments:
   argv        the argv for exec in the new process
 
 Arguments:
   argv        the argv for exec in the new process


@@ -261,7 +263,7 @@ Arguments:
                 process is placed
   wd          if not NULL, a path to be handed to chdir() in the new process
   make_leader if TRUE, make the new process a process group leader
                 process is placed
   wd          if not NULL, a path to be handed to chdir() in the new process
   make_leader if TRUE, make the new process a process group leader

-
+  

 Returns:      the pid of the created process or -1 if anything has gone wrong
 */
 
 Returns:      the pid of the created process or -1 if anything has gone wrong
 */
 


@@ -308,16 +310,11 @@ if (pid == 0)
   close(2);
   dup2(1, 2);
 
   close(2);
   dup2(1, 2);
 

-  /* Set the required environment. If changing uid, ensure that
-  SIGUSR1 is ignored, as the process won't have the privilege to
-  write to the process log. */
+  /* Set the required environment. */

 
 

+  signal(SIGUSR1, SIG_IGN);

   if (newgid != NULL && setgid(*newgid) < 0) goto CHILD_FAILED;
   if (newgid != NULL && setgid(*newgid) < 0) goto CHILD_FAILED;

-  if (newuid != NULL)
-    {
-    signal(SIGUSR1, SIG_IGN);
-    if (setuid(*newuid) < 0) goto CHILD_FAILED;
-    }
+  if (newuid != NULL && setuid(*newuid) < 0) goto CHILD_FAILED;

   (void)umask(newumask);
 
   /* Set the working directory if required */
   (void)umask(newumask);
 
   /* Set the working directory if required */


@@ -369,9 +366,9 @@ return (pid_t)(-1);
 *************************************************/
 
 /* This function is a wrapper for child_open_uid() that doesn't have the uid,
 *************************************************/
 
 /* This function is a wrapper for child_open_uid() that doesn't have the uid,

-gid, and working directory changing arguments. It is provided so as to have a
-clean interface for use from local_scan(), but also saves writing NULL
-arguments in other calls.
+gid and working directory changing arguments. The function is provided so as to
+have a clean interface for use from local_scan(), but also saves writing NULL
+arguments several calls that would otherwise use child_open_uid().

 
 Arguments:
   argv        the argv for exec in the new process
 
 Arguments:
   argv        the argv for exec in the new process