Index: CHANGES
===================================================================
--- CHANGES	(revision 2574)
+++ CHANGES	(revision 2573)
@@ -6,7 +6,7 @@
 * make faxmail ignore boundaries on parts other than multiparts (29 Jul 2020)
 * don't attempt to write zero bytes of data to a TIFF (29 Jul 2020)
 * don't ever respond to CRP with CRP (28 Jul 2020)
-* secure setup.cache/setup.modem - CVE-2020-15397 (27, 30 Jul 2020)
+* secure setup.cache/setup.modem - CVE-2020-15397 (27 Jul 2020)
 * reset frame counter when a sender retransmits PPS for a previously confirmed
   ECM block (26 Jul 2020)
 * scrutinize PPM before concluding that the sender missed our MCF (23 Jul 2020)
Index: util/faxcron.sh.in
===================================================================
--- util/faxcron.sh.in	(revision 2574)
+++ util/faxcron.sh.in	(revision 2573)
@@ -37,6 +37,22 @@
 # 4. Notify about sites that currently have jobs rejected.
 #
 
+#
+# Deduce the effective user id:
+#   1. Refer to the $EUID environment variable
+#   2. POSIX-style, the id program
+#   3. the old whoami program
+#   4. last gasp, check if we have write permission on /dev
+#
+unset euid
+test -z "$EUID" && EUID=`id |$SED -e 's/.*uid=\([^(]*\).*/\1/'`
+[ "$EUID" = "0" ] && euid=root
+test -z "$euid" && euid=`(whoami) 2>/dev/null`
+test -z "$euid" && test -w /dev && euid=root
+if [ "$euid" = "root" ]; then
+    exec su @FAXUID@ "$0" -- "$@"
+fi
+
 AGEINFO=30			# purge remote info after 30 days inactivity
 AGELOG=30			# keep log info for last 30 days
 AGERCV=7			# purge received facsimile after 7 days
@@ -46,7 +62,6 @@
 LOGMODE=0644			# mode for log files
 XFERLOG=etc/xferfaxlog		# HylaFAX xferfaxlog file location
 LAST=etc/lastrun		# file where time+date of last run recorded
-DIR_LIBDATA=@LIBDATA@		# directory where secure setup.cache is found
 
 TEE=tee
 UPDATE="date +'%D %H:%M' >$LAST"
@@ -67,62 +82,15 @@
 done
 
 cd $SPOOL			# NB: everything below assumes this
+. bin/common-functions
 
-SetupPrivateTmp()
-{
-    if [ -d "$HYLAFAX_TMPDIR" ]; then
-        # Private temp area already created.
-        return
-    fi
-
-    # Would have liked to use -t, but older mktemp don't support it.
-    if [ -z "$TMPDIR" ] || [ ! -w "$TMPDIR" ]; then
-        TMPDIR="/tmp"
-    fi
-    HYLAFAX_TMPDIR=`mktemp -d $TMPDIR/hylafaxtmp-XXXXXXXX 2>/dev/null` || {
-        HYLAFAX_TMPDIR="$TMPDIR/hylafaxtmp-$RANDOM-$RANDOM-$RANDOM-$$"
-        mkdir -m 0700 "$HYLAFAX_TMPDIR"
-    }
-    if [ $? != 0 ]
-    then
-	echo "Couldn't setup private temp area - exiting!" 1>&2
-	exit 1
-    fi
-    # We want any called programs to use our tmp dir.
-    TMPDIR=$HYLAFAX_TMPDIR
-    export TMPDIR
-
-    trap cleanupExit 0
-    trap "hfExit 1" 1 2 15
-}
-
-CleanupPrivateTmp ()
-{
-    if [ -d "$HYLAFAX_TMPDIR" ]
-    then
-	rm -Rf "$HYLAFAX_TMPDIR"
-    fi
-}
-
-cleanupExit ()
-{
-    trap - 0 1 2 15
-    CleanupPrivateTmp
-}
-
-hfExit ()
-{
-    cleanupExit
-    exit $1
-}
-
-test -f $DIR_LIBDATA/setup.cache || {
+test -f etc/setup.cache || {
     SPOOL=`pwd`
     cat<<EOF
 
-FATAL ERROR: $DIR_LIBDATA/setup.cache is missing!
+FATAL ERROR: $SPOOL/etc/setup.cache is missing!
 
-The file $DIR_LIBDATA/setup.cache is not present.  This
+The file $SPOOL/etc/setup.cache is not present.  This
 probably means the machine has not been setup using the faxsetup(@MANNUM1_8@)
 command.  Read the documentation on setting up HylaFAX before you
 startup a server system.
@@ -130,7 +98,7 @@
 EOF
     hfExit 1
 }
-. $DIR_LIBDATA/setup.cache
+. etc/setup.cache
 
 RM="$RM -f"
 
Index: util/recvstats.sh.in
===================================================================
--- util/recvstats.sh.in	(revision 2574)
+++ util/recvstats.sh.in	(revision 2573)
@@ -31,65 +31,33 @@
 NOCLOBBER_OFF=@NOCLOBBER_OFF@
 
 #
+# Deduce the effective user id:
+#   1. Refer to the $EUID environment variable
+#   2. POSIX-style, the id program
+#   3. the old whoami program
+#   4. last gasp, check if we have write permission on /dev
+#
+unset euid
+test -z "$EUID" && EUID=`id |$SED -e 's/.*uid=\([^(]*\).*/\1/'`
+[ "$EUID" = "0" ] && euid=root
+test -z "$euid" && euid=`(whoami) 2>/dev/null`
+test -z "$euid" && test -w /dev && euid=root
+if [ "$euid" = "root" ]; then
+    exec su @FAXUID@ "$0" -- "$@"
+fi
+
+#
 # Print Statistics about Received Facsimile.
 #
 SPOOL=@SPOOL@
-DIR_LIBDATA=@LIBDATA@
+. $SPOOL/bin/common-functions
 
-SetupPrivateTmp()
-{
-    if [ -d "$HYLAFAX_TMPDIR" ]; then
-        # Private temp area already created.
-        return
-    fi
-
-    # Would have liked to use -t, but older mktemp don't support it.
-    if [ -z "$TMPDIR" ] || [ ! -w "$TMPDIR" ]; then
-        TMPDIR="/tmp"
-    fi
-    HYLAFAX_TMPDIR=`mktemp -d $TMPDIR/hylafaxtmp-XXXXXXXX 2>/dev/null` || {
-        HYLAFAX_TMPDIR="$TMPDIR/hylafaxtmp-$RANDOM-$RANDOM-$RANDOM-$$"
-        mkdir -m 0700 "$HYLAFAX_TMPDIR"
-    }
-    if [ $? != 0 ]
-    then
-	echo "Couldn't setup private temp area - exiting!" 1>&2
-	exit 1
-    fi
-    # We want any called programs to use our tmp dir.
-    TMPDIR=$HYLAFAX_TMPDIR
-    export TMPDIR
-
-    trap cleanupExit 0
-    trap "hfExit 1" 1 2 15
-}
-
-CleanupPrivateTmp ()
-{
-    if [ -d "$HYLAFAX_TMPDIR" ]
-    then
-	rm -Rf "$HYLAFAX_TMPDIR"
-    fi
-}
-
-cleanupExit ()
-{
-    trap - 0 1 2 15
-    CleanupPrivateTmp
-}
-
-hfExit ()
-{
-    cleanupExit
-    exit $1
-}
-
-test -f $DIR_LIBDATA/setup.cache || {
+test -f $SPOOL/etc/setup.cache || {
     cat<<EOF
 
-FATAL ERROR: $DIR_LIBDATA/setup.cache is missing!
+FATAL ERROR: $SPOOL/etc/setup.cache is missing!
 
-The file $DIR_LIBDATA/setup.cache is not present.  This
+The file $SPOOL/etc/setup.cache is not present.  This
 probably means the machine has not been setup using the faxsetup(@MANNUM1_8@)
 command.  Read the documentation on setting up HylaFAX before you
 startup a server system.
@@ -97,7 +65,7 @@
 EOF
     hfExit 1
 }
-. $DIR_LIBDATA/setup.cache
+. $SPOOL/etc/setup.cache
 
 FILES=
 SORTKEY=-sender				# default is to sort by sender
Index: util/xferfaxstats.sh.in
===================================================================
--- util/xferfaxstats.sh.in	(revision 2574)
+++ util/xferfaxstats.sh.in	(revision 2573)
@@ -28,65 +28,33 @@
 #
 
 #
+# Deduce the effective user id:
+#   1. Refer to the $EUID environment variable
+#   2. POSIX-style, the id program
+#   3. the old whoami program
+#   4. last gasp, check if we have write permission on /dev
+#
+unset euid
+test -z "$EUID" && EUID=`id |$SED -e 's/.*uid=\([^(]*\).*/\1/'`
+[ "$EUID" = "0" ] && euid=root
+test -z "$euid" && euid=`(whoami) 2>/dev/null`
+test -z "$euid" && test -w /dev && euid=root
+if [ "$euid" = "root" ]; then
+    exec su @FAXUID@ "$0" -- "$@"
+fi
+
+#
 # Print Statistics about Transmitted Facsimile.
 #
 SPOOL=@SPOOL@
-DIR_LIBDATA=@LIBDATA@
+. $SPOOL/bin/common-functions
 
-SetupPrivateTmp()
-{
-    if [ -d "$HYLAFAX_TMPDIR" ]; then
-        # Private temp area already created.
-        return
-    fi
-
-    # Would have liked to use -t, but older mktemp don't support it.
-    if [ -z "$TMPDIR" ] || [ ! -w "$TMPDIR" ]; then
-        TMPDIR="/tmp"
-    fi
-    HYLAFAX_TMPDIR=`mktemp -d $TMPDIR/hylafaxtmp-XXXXXXXX 2>/dev/null` || {
-        HYLAFAX_TMPDIR="$TMPDIR/hylafaxtmp-$RANDOM-$RANDOM-$RANDOM-$$"
-        mkdir -m 0700 "$HYLAFAX_TMPDIR"
-    }
-    if [ $? != 0 ]
-    then
-	echo "Couldn't setup private temp area - exiting!" 1>&2
-	exit 1
-    fi
-    # We want any called programs to use our tmp dir.
-    TMPDIR=$HYLAFAX_TMPDIR
-    export TMPDIR
-
-    trap cleanupExit 0
-    trap "hfExit 1" 1 2 15
-}
-
-CleanupPrivateTmp ()
-{
-    if [ -d "$HYLAFAX_TMPDIR" ]
-    then
-	rm -Rf "$HYLAFAX_TMPDIR"
-    fi
-}
-
-cleanupExit ()
-{
-    trap - 0 1 2 15
-    CleanupPrivateTmp
-}
-
-hfExit ()
-{
-    cleanupExit
-    exit $1
-}
-
-test -f $DIR_LIBDATA/setup.cache || {
+test -f $SPOOL/etc/setup.cache || {
     cat<<EOF
 
-FATAL ERROR: $DIR_LIBDATA/setup.cache is missing!
+FATAL ERROR: $SPOOL/etc/setup.cache is missing!
 
-The file $DIR_LIBDATA/setup.cache is not present.  This
+The file $SPOOL/etc/setup.cache is not present.  This
 probably means the machine has not been setup using the faxsetup(@MANNUM1_8@)
 command.  Read the documentation on setting up HylaFAX before you
 startup a server system.
@@ -94,7 +62,7 @@
 EOF
     hfExit 1
 }
-. $DIR_LIBDATA/setup.cache
+. $SPOOL/etc/setup.cache
 
 FILES=
 SORTKEY=-sender				# default is to sort by sender