Bug#826646: Incorrect handling with initial_cwd variable

Серж ИвановЪ Tue, 07 Jun 2016 05:21:42 -0700

Package: exim4
Priority: standard
Version: 4.80

Currently exim4 debian package handles CWD parameter not correctly.


This fix introduced security patch to store CWD into additional variable
named initial_cwd and it was applied in debian exim packages.
https://bugs.exim.org/show_bug.cgi?id=1805

Before this security fix (Bug 1805), upstream introduced some additional
changes to CWD handling code, this fix was not applied by debian package
maintainers.
https://github.com/Exim/exim/commit/3de973a29de6852d61ba9bf1845835d08ca5a5ab#diff-6e46fb11179cb7da978360d317a92ee0

Current behavior overrides CWD BEFORE any CWD handling could occur.

Uchdir("/") occurs before initial_cwd reads current working directory.

This bug applies to exim in stable and oldstable distribution.

This bug can be reproduced by adding this code "warn logwrite =
$initial_cwd" into acl_not_smtp_start config section

While sending email using plain sendmail, exim4 mail.log has to contain
initial working directory of calling process but instead it contains
already chrooted patch "/"

This is a serious bug, it breaks logic of many spam handling software and
should be fixed soon.

Bug#826646: Incorrect handling with initial_cwd variable

Reply via email to