Package: exim4-config Version: 4.50-8 Severity: normal
I created a file named /etc/exim4/conf.d/rewrite/20_exim4-config_rewrite-example.com expecting the configuration to be picked up by update-exim4.conf. However, this file was silently ignored. update-exim4.conf performs sanitisation inside run-parts: for F in $(ls $1); do if expr "$F" : '[[:alnum:]_-]\+$' > /dev/null 2>&1; then if [ -f "$1/$F" ] ; then if [ -f "$1/${F}.rul" ] ; then echo "$1/${F}.rul" else echo "$1/$F" This ignores any files not matching [[:alnum:]_-]+. I presume the check is there for a good reason, but it is certainly too strict. Having full stops in filenames is not unusual! Secondly, no warning was issued when this file was ignored. There is even an option to update-exim4.conf: -v|--verbose - Enable verbose mode, tell about ignored files but even with this option on, the ignored file was not mentioned. Either the file name check needs to be removed completely, or the sanitation needs to be relaxed to allow all but the most dangerous characters, and in that latter case there needs to be a warning issued when a file is ignored and the -v flag is on. Cheers, Ewan Mellor. -- Package-specific info: Exim version 4.50 #1 built 27-May-2005 08:08:19 Copyright (c) University of Cambridge 2004 Berkeley DB: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003) Support for: iconv() IPv6 GnuTLS Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dsearch nis nis0 passwd Authenticators: cram_md5 plaintext Routers: accept dnslookup ipliteral manualroute queryprogram redirect Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp Fixed never_users: 0 Configuration file is /var/lib/exim4/config.autogenerated -- System Information: Debian Release: 3.1 APT prefers experimental APT policy: (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.8 Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1) Versions of packages exim4-config depends on: ii adduser 3.63 Add and remove users and groups ii debconf [debconf-2.0] 1.4.30.13 Debian configuration management sy ii passwd 1:4.0.3-31sarge5 change and administer password and -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]