struct aliases aliases = LIST_HEAD_INITIALIZER(aliases);
struct strlist tmpfs = SLIST_HEAD_INITIALIZER(tmpfs);
struct authusers authusers = LIST_HEAD_INITIALIZER(authusers);
-const char *username;
+char username[USERNAME_SIZE];
+uid_t useruid;
const char *logident_base;
+char errmsg[ERRMSG_SIZE];
static int daemonize = 1;
struct config config = {
.smarthost = NULL,
.port = 25,
- .aliases = "/var/mail/aliases",
+ .aliases = "/etc/aliases",
.spooldir = "/var/spool/dma",
.authpath = NULL,
.certfile = NULL,
.features = 0,
.mailname = NULL,
- .mailnamefile = NULL,
};
daemonize = 0;
bzero(&sa, sizeof(sa));
-#ifdef SA_NOCLDWAIT
- sa.sa_flags = SA_NOCLDWAIT;
-#endif
sa.sa_handler = SIG_IGN;
sigaction(SIGCHLD, &sa, NULL);
{
int error;
unsigned int backoff = MIN_RETRY;
- const char *errmsg = "unknown bounce reason";
struct timeval now;
struct stat st;
+ snprintf(errmsg, sizeof(errmsg), "unknown bounce reason");
+
retry:
syslog(LOG_INFO, "trying delivery");
if (it->remote)
- error = deliver_remote(it, &errmsg);
+ error = deliver_remote(it);
else
- error = deliver_local(it, &errmsg);
+ error = deliver_local(it);
switch (error) {
case 0:
}
if (gettimeofday(&now, NULL) == 0 &&
(now.tv_sec - st.st_mtim.tv_sec > MAX_TIMEOUT)) {
- asprintf(__DECONST(void *, &errmsg),
+ snprintf(errmsg, sizeof(errmsg),
"Could not deliver for the last %d seconds. Giving up.",
MAX_TIMEOUT);
goto bounce;
int nodot = 0, doqueue = 0, showq = 0, queue_only = 0;
int recp_from_header = 0;
+ set_username();
+
+ /*
+ * We never run as root. If called by root, drop permissions
+ * to the mail user.
+ */
+ if (geteuid() == 0 || getuid() == 0) {
+ struct passwd *pw;
+
+ pw = getpwnam(DMA_ROOT_USER);
+ if (pw == NULL)
+ err(1, "cannot drop root privileges");
+
+ if (setuid(pw->pw_uid) != 0)
+ err(1, "cannot drop root privileges");
+
+ if (geteuid() == 0 || getuid() == 0)
+ errx(1, "cannot drop root privileges");
+ }
+
atexit(deltmp);
init_random();
if (logident_base == NULL)
logident_base = "dma";
setlogident(NULL);
- set_username();
-
- /* XXX fork root here */
act.sa_handler = sighup_handler;
act.sa_flags = 0;
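Review bot: The privilege drop added after set_username() changes only the uid: `setuid(pw->pw_uid)` leaves the real/effective gid and the supplementary group list as root's when dma is started by root (unless the binary is installed setgid to the mail group, which this hunk does not show), and the sanity check that follows also inspects only uids. Group identity has to be given up before setuid(), since it cannot be changed afterwards — `if (setgid(pw->pw_gid) != 0 || initgroups(pw->pw_name, pw->pw_gid) != 0) err(1, "cannot drop group privileges");` placed ahead of the setuid() call, and the final check extended to `getegid() == 0 || getgid() == 0`. Separately, getpwnam() returns NULL without necessarily setting errno when the user simply does not exist, so the `err(1, "cannot drop root privileges")` after it may print a stale errno string; clearing errno before the call and using errx() for the not-found case gives an accurate message. main() continues outside the hunk.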