http://bugs.exim.org/show_bug.cgi?id=1044

--- Comment #1 from David Woodhouse <[email protected]> 2010-12-10 16:39:47 ---
Created an attachment (id=430)
 --> (http://bugs.exim.org/attachment.cgi?id=430)
patch

This patch kills the ALT_CONFIG_ROOT_ONLY option, by making it effectively always set and never allowing even the trusted Exim user to use arbitrary config files.

It repurposes the existing ALT_CONFIG_PREFIX, rather than adding a new option and making things more complex. Instead of refusing to run with config files that don't match the prefix, Exim will simply run without root privileges. And it *will* run with root privileges when invoked with the -C option for a file which *does* match the prefix.

Important user-visible changes would be:

 - If you previously had ALT_CONFIG_ROOT_ONLY unset (the default), then you must set ALT_CONFIG_PREFIX and use matching files if you want to use alternative config files.

 - If you previously had ALT_CONFIG_PREFIX set, then you should be aware that matching config files will now be invoked with root privileges regardless of the uid of the invoking user.

We could change the latter so that non-root and non-exim users invoking config files in ALT_CONFIG_PREFIX are *never* granted root privs, but I'm not sure we should. Comments?

We might also want to have a colon-separated list of acceptable directories. In which case perhaps it shouldn't be repurposing ALT_CONFIG_PREFIX, but should be a new, different, option?

We should *also* fix the CONFIGURE_USER and CONFIGURE_GROUP options, so that the exim user/group are not permitted to own the configuration files by default either.
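The privilege decision described in the comment above, sketched as an added example; it is not the attached patch and not Exim's source. The names `config_privilege`, `has_dotdot` and `enum cfg_priv` are hypothetical, and treating an unset prefix as "drop root" and refusing `..` components are assumptions about how such a check would be written safely.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result type: what to do with root after parsing -C. */
enum cfg_priv { CFG_KEEP_ROOT, CFG_DROP_ROOT };

/* True if any path component is exactly "..". A plain string-prefix test
 * would otherwise accept "/etc/exim/../../tmp/x" for prefix "/etc/exim/". */
static bool has_dotdot(const char *path)
{
    const char *p = path;
    while (*p) {
        while (*p == '/') p++;               /* skip separators */
        const char *start = p;
        while (*p && *p != '/') p++;         /* walk one component */
        if (p - start == 2 && start[0] == '.' && start[1] == '.')
            return true;
    }
    return false;
}

/* Decide privileges for a config file named with -C.
 * prefix plays the role of ALT_CONFIG_PREFIX (a string prefix, so it may
 * end in a directory or in the start of a file name). */
enum cfg_priv config_privilege(const char *path, const char *prefix)
{
    size_t plen = prefix ? strlen(prefix) : 0;

    if (plen == 0)                           /* assumption: no prefix, no trust */
        return CFG_DROP_ROOT;
    if (path == NULL || path[0] != '/')      /* relative paths never match */
        return CFG_DROP_ROOT;
    if (strncmp(path, prefix, plen) != 0)    /* outside the trusted prefix */
        return CFG_DROP_ROOT;
    if (has_dotdot(path))                    /* prefix matched only textually */
        return CFG_DROP_ROOT;
    return CFG_KEEP_ROOT;                    /* matches: runs with root */
}

int main(void)
{
    /* Constructed sample paths, not taken from the bug report. */
    const char *samples[] = { "/etc/exim/alt.conf", "/tmp/alt.conf",
                              "/etc/exim/../../tmp/alt.conf" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-32s %s\n", samples[i],
               config_privilege(samples[i], "/etc/exim/") == CFG_KEEP_ROOT
                   ? "keep root" : "drop root");
    return 0;
}
```

The check is purely lexical: it does not resolve symlinks, so the directories under the prefix still need to be writable by root only.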
