
Untitled

a guest
Jul 20th, 2017
  1. diff -purN exim-4.73/src/log.c exim-4.74/src/log.c
  2. --- exim-4.73/src/log.c Sun Dec 26 19:17:23 2010
  3. +++ exim-4.74/src/log.c Mon Jan 24 22:40:38 2011
  4. @@ -361,17 +361,26 @@ are neither exim nor root, creation is not attempted.
  5.  
  6. else if (euid == root_uid)
  7. {
  8. - int status;
  9. + int status, rv;
  10. pid_t pid = fork();
  11.  
  12. /* In the subprocess, change uid/gid and do the creation. Return 0 from the
  13. - subprocess on success. There doesn't seem much point in testing for setgid
  14. - and setuid errors. */
  15. + subprocess on success. If we don't check for setuid failures, then the file
  16. + can be created as root, so vulnerabilities which cause setuid to fail mean
  17. + that the Exim user can use symlinks to cause a file to be opened/created as
  18. + root. We always open for append, so can't nuke existing content but it would
  19. + still be Rather Bad. */
  20.  
  21. if (pid == 0)
  22. {
  23. - (void)setgid(exim_gid);
  24. - (void)setuid(exim_uid);
  25. + rv = setgid(exim_gid);
  26. + if (rv)
  27. + die(US"exim: setgid for log-file creation failed, aborting",
  28. + US"Unexpected log failure, please try later");
  29. + rv = setuid(exim_uid);
  30. + if (rv)
  31. + die(US"exim: setuid for log-file creation failed, aborting",
  32. + US"Unexpected log failure, please try later");
  33. _exit((create_log(buffer) < 0)? 1 : 0);
  34. }
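Review bot: The child still holds root's supplementary groups when it reaches `create_log(buffer)`, because only `setgid()` and `setuid()` are called and checked here. Unless the group list is cleared before the fork (not visible in this hunk), a checked `if (setgroups(1, &exim_gid) != 0)` with the same `die(...)` handling should come before the `setgid()` call. Separately, both failure paths leave the child through `die()` while the success path uses `_exit()`; if `die()` ends in `exit()` or writes to the SMTP peer (its body is not shown), the child could flush stdio buffers inherited from the parent or send a response of its own, so logging and then `_exit(1)` may be the safer exit. The enclosing function starts and ends outside the hunk.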