Delay chdir(/) until we opened the main config

Exim · Mar 3, 2016 · 3de973a · 3de973a
1 parent 13559da
commit 3de973a
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 17 deletions.
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
@@ -3487,8 +3487,6 @@ name, but it can be a colon-separated list of names. In this case, the first
 file that exists is used. Failure to open an existing file stops Exim from
 proceeding any further along the list, and an error is generated.
 
-The file names need to be absolute names.
-
 When this option is used by a caller other than root, and the list is different
 from the compiled-in list, Exim gives up its root privilege immediately, and
 runs with the real and effective uid and gid set to those of the caller.

diff --git a/src/src/exim.c b/src/src/exim.c
@@ -3741,17 +3741,16 @@ if (running_in_test_harness) smtputf8_advertise_hosts = NULL;
 
 /* Read the main runtime configuration data; this gives up if there
 is a failure. It leaves the configuration file open so that the subsequent
-configuration data for delivery can be read if needed. */
+configuration data for delivery can be read if needed.
 
-/* To be safe: change the working directory to /. */
-if (Uchdir("/") < 0)
-  {
-    perror("exim: chdir `/': ");
-    exit(EXIT_FAILURE);
-  }
+NOTE: immediatly after opening the configuration file we change the working
+directory to "/"! Later we change to $spool_directory. We do it there, because
+during readconf_main() some expansion takes place already. */
 
 readconf_main();
 
+/* Now in directory "/" */
+
 if (cleanup_environment() == FALSE)
   log_write(0, LOG_PANIC_DIE, "Can't cleanup environment");
 

diff --git a/src/src/readconf.c b/src/src/readconf.c
@@ -3049,14 +3049,6 @@ while((filename = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))
        != NULL)
   {
 
-  /* To avoid confusion: Exim changes to / at the very beginning and
-   * and to $spool_directory later. */
-  if (filename[0] != '/')
-    {
-    fprintf(stderr, "-C %s: only absolute names are allowed\n", filename);
-    exit(EXIT_FAILURE);
-  }
-
   /* Cut out all the fancy processing unless specifically wanted */
 
   #if defined(CONFIGURE_FILE_USE_NODE) || defined(CONFIGURE_FILE_USE_EUID)
@@ -3110,6 +3102,15 @@ while((filename = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))
   if (config_file != NULL || errno != ENOENT) break;
   }
 
+/* Now, once we found and opened our configuration file, we change the directory
+to a safe place. Later we change to $spool_directory. */
+
+if (Uchdir("/") < 0)
+  {
+  perror("exim: chdir `/': ");
+  exit(EXIT_FAILURE);
+  }
+
 /* On success, save the name for verification; config_filename is used when
 logging configuration errors (it changes for .included files) whereas
 config_main_filename is the name shown by -bP. Failure to open a configuration