Bug#826646: Incorrect handling with initial_cwd variable
Серж ИвановЪ
evasive.gyron at gmail.com
Tue Jun 7 12:16:59 UTC 2016
Package: exim4
Priority: standard
Version: 4.80
Currently the exim4 Debian package does not handle the CWD parameter correctly.
This fix introduced a security patch to store the CWD in an additional variable
named initial_cwd, and it was applied in the Debian exim packages.
https://bugs.exim.org/show_bug.cgi?id=1805
Before this security fix (Bug 1805), upstream introduced some additional
changes to the CWD handling code; this fix was not applied by the Debian package
maintainers.
https://github.com/Exim/exim/commit/3de973a29de6852d61ba9bf1845835d08ca5a5ab#diff-6e46fb11179cb7da978360d317a92ee0
Current behavior overrides the CWD BEFORE any CWD handling can occur.
Uchdir("/") occurs before initial_cwd reads the current working directory.
This bug applies to exim in the stable and oldstable distributions.
This bug can be reproduced by adding the line "warn logwrite = $initial_cwd"
to the acl_not_smtp_start config section.
When sending email using plain sendmail, the exim4 mail.log has to contain the
initial working directory of the calling process, but instead it contains the
already chrooted path "/".
This is a serious bug; it breaks the logic of a lot of spam handling software and
should be fixed soon.
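
Added example, not part of the original message and not Exim source code: a minimal C program showing why the order of chdir("/") and getcwd() decides whether the caller's directory survives, which is the ordering problem the report describes. The function names and the scratch directory are hypothetical and constructed for this illustration.

```c
/* Added illustration of the ordering problem; this is not Exim source code. */
#define _XOPEN_SOURCE 700   /* for mkdtemp() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define CWD_MAX 4096

/* Order described in the report: chdir("/") runs first, then the cwd is read. */
int record_after_chdir(char *buf, size_t len)
{
    if (chdir("/") != 0) return -1;
    return getcwd(buf, len) ? 0 : -1;
}

/* Order the report asks for: read the caller's cwd, then chdir("/"). */
int record_before_chdir(char *buf, size_t len)
{
    if (getcwd(buf, len) == NULL) return -1;
    return chdir("/");
}

/* Start in a constructed scratch directory, run one variant, and return 1 if
 * the recorded value is the caller's directory, 0 if it was lost, -1 on error. */
int preserves_caller_cwd(int (*record)(char *, size_t))
{
    char tmpl[CWD_MAX], start[CWD_MAX], recorded[CWD_MAX];
    const char *base = getenv("TMPDIR");
    int result = -1;

    snprintf(tmpl, sizeof tmpl, "%s/initial_cwd_demo_XXXXXX", base ? base : "/tmp");
    if (mkdtemp(tmpl) == NULL) return -1;
    if (chdir(tmpl) == 0 && getcwd(start, sizeof start) != NULL
        && record(recorded, sizeof recorded) == 0)
        result = (strcmp(recorded, start) == 0);
    if (chdir("/") != 0) result = -1;   /* leave the scratch dir before removing it */
    rmdir(tmpl);
    return result;
}

int main(void)
{
    printf("chdir first, then getcwd: preserved=%d\n",
           preserves_caller_cwd(record_after_chdir));
    printf("getcwd first, then chdir: preserved=%d\n",
           preserves_caller_cwd(record_before_chdir));
    return 0;
}
```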