Stephen Gran writes ("Re: exim-using packages - are you relying on -C or -D options?"):
> This one time, at band camp, Ian Jackson said:
> > Are you saying the current exim4 package in lenny-security already has
> > the disability you are discussing ?
>
> AIUI, no, not yet.  Currently exim will accept -C to any file in any
> location.  This makes it trivial for an attacker to escalate from exim
> to root by making any expansion in the config file run code as a
> privileged user.

Ah, yes, I see.

> The current alternative is to make exim refuse to
> execute if the config file is not in a build-time configured directory.
> This is what is being proposed, and if all your other config files are in
> the same place, it sounds like this won't cause a problem for you.

Right, I think it will be OK for me.  Will it follow symlinks ?  If so
then the problem isn't that severe.

> The patch I'm talking about allows execution outside of the configured
> directory, but without escalated privileges.  This would be more
> flexible for users testing things, but it doesn't sound like it's
> relevant at the moment for your needs.

Indeed.  Thanks,

Ian.

--
Archive: http://lists.debian.org/19719.29274.420376.58...@chiark.greenend.org.uk
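The check the thread is discussing, and Ian's symlink question, as an added example that is not part of the original message and is not exim's own code. It assumes a build-time trusted directory (here a constructed temp dir standing in for /etc/exim4) and shows that resolving symlinks with realpath() before comparing paths is what makes the check hold: a symlink placed inside the trusted directory that points at an attacker-controlled file, a `..` traversal, and a sibling directory that merely shares the prefix are all rejected. The `run_mode` policy names and the `allow_untrusted` switch are illustrative, standing in for the two proposals in the thread (refuse outright, or run without privilege).

```python
import os
import shutil
import tempfile


def config_is_trusted(config_path: str, trusted_dir: str) -> bool:
    """True only if config_path, with every symlink resolved, is a file
    strictly inside trusted_dir (also symlink-resolved).

    realpath() follows symlinks and collapses '..', so a link placed in the
    trusted directory that points elsewhere, or a '/etc/exim4/../x' path,
    both end up outside and are rejected.  commonpath() avoids the classic
    prefix bug where '/etc/exim4-attacker' satisfies startswith('/etc/exim4').
    """
    real_dir = os.path.realpath(trusted_dir)
    real_cfg = os.path.realpath(config_path)
    if real_cfg == real_dir:
        return False  # the directory itself is not a config file
    return os.path.commonpath([real_dir, real_cfg]) == real_dir


def run_mode(config_path: str, trusted_dir: str, allow_untrusted: bool) -> str:
    """Policy switch for the two proposals in the thread (names are
    illustrative, not exim's):
    allow_untrusted=False -> refuse to run on an untrusted -C path
    allow_untrusted=True  -> run it, but without privilege (the patch variant)
    """
    if config_is_trusted(config_path, trusted_dir):
        return "run-privileged"
    return "run-unprivileged" if allow_untrusted else "refuse"


def demo() -> dict:
    """Build a constructed layout in a temp dir and exercise the check."""
    base = tempfile.mkdtemp(prefix="exim-cfg-check-")
    try:
        trusted = os.path.join(base, "exim4")
        sibling = os.path.join(base, "exim4-attacker")  # shares the prefix
        os.mkdir(trusted)
        os.mkdir(sibling)
        good = os.path.join(trusted, "exim4.conf")
        evil = os.path.join(sibling, "exim4.conf")
        for p in (good, evil):
            with open(p, "w") as fh:
                fh.write("# constructed sample config\n")
        link = os.path.join(trusted, "linked.conf")
        os.symlink(evil, link)  # symlink inside the trusted dir pointing out
        dotdot = os.path.join(trusted, "..", "exim4-attacker", "exim4.conf")
        return {
            "in_dir": config_is_trusted(good, trusted),
            "prefix_sibling": config_is_trusted(evil, trusted),
            "symlink_out": config_is_trusted(link, trusted),
            "dotdot": config_is_trusted(dotdot, trusted),
            "refuse": run_mode(link, trusted, allow_untrusted=False),
            "unpriv": run_mode(link, trusted, allow_untrusted=True),
            "priv": run_mode(good, trusted, allow_untrusted=False),
        }
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:15} {value}")
```

The check only buys anything if the trusted directory itself is not writable by the unprivileged user exim runs as: if it were, the attacker could drop a real file there and no amount of symlink resolution would help. Under that assumption, following symlinks is harmless, because the resolved target must still land inside the directory the attacker cannot write to.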