Hi,

this is in response to Debian BTS item #280282 (http://bugs.debian.org/280282), filed in exim bugzilla as #70.

The issue in question shows that some part in exim's content scanner invokes fopen() after explicitly setting umask(0), so that the file created ends up in the file system with 666 permission. A cursory inspection of exim's code shows up other places where fopen() is used with umask 0, and there are even places where fopen()/fchmod() is used, introducing possible race conditions.

Is there a background to be considered why it was chosen to do things this way, should exim generally run with a more restrictive umask (only to be relaxed when it's really needed), or should a fopen() wrapper be used? Or am I misled in seeing a possible issue here?

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
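One way the fopen() wrapper asked about above could look, shown next to the umask(0) + fopen() pattern from the report. This is an added example, not part of the original message and not exim code; the names fopen_new_mode, file_mode and create_under_umask0 and the /tmp paths are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical wrapper (not an exim function): create a NEW file with the
 * requested mode, applied atomically by open(2), so there is no window in
 * which the file exists with wider permissions (unlike fopen() + fchmod()). */
FILE *fopen_new_mode(const char *path, mode_t mode) {
    /* O_EXCL refuses an existing path, including a pre-planted symlink. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, mode);
    if (fd < 0) return NULL;
    FILE *fp = fdopen(fd, "w");
    if (fp == NULL) {            /* do not leak the descriptor or the file */
        close(fd);
        unlink(path);
    }
    return fp;
}

/* Permission bits of path, or -1 if it cannot be stat()ed. */
int file_mode(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Create path while umask is 0, as in the report. use_wrapper selects the
 * wrapper (mode 0600) or plain fopen(). Returns the resulting mode bits. */
int create_under_umask0(const char *path, int use_wrapper) {
    mode_t old = umask(0);
    FILE *fp = use_wrapper ? fopen_new_mode(path, 0600) : fopen(path, "w");
    umask(old);                  /* always restore the caller's umask */
    if (fp == NULL) return -1;
    fclose(fp);
    return file_mode(path);
}

int main(void) {
    char dir[] = "/tmp/umask_demo_XXXXXX", a[64], b[64]; /* constructed paths */
    if (mkdtemp(dir) == NULL) return 1;
    snprintf(a, sizeof a, "%s/plain", dir);
    snprintf(b, sizeof b, "%s/wrapped", dir);
    printf("fopen:   %04o\n", (unsigned)create_under_umask0(a, 0));
    printf("wrapper: %04o\n", (unsigned)create_under_umask0(b, 1));
    unlink(a); unlink(b); rmdir(dir);
    return 0;
}
```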
