David Woodhouse wrote: > ------- You are receiving this mail because: ------- > You are on the CC list for the bug. > > http://bugs.exim.org/show_bug.cgi?id=1044 > *snip*
> We could change the latter so that non-root and non-exim users invoking > config files in ALT_CONFIG_PREFIX are *never* granted root privs, but > I'm not sure we should. Comments? +1 > > We might also want to have a colon-separated list of acceptable directories. > In > which case perhaps it shouldn't be repurposing ALT_CONFIG_PREFIX, but should > be > a new, different, option? > +1 > We should *also* fix the CONFIGURE_USER and CONFIGURE_GROUP options, so that > the exim user/group are not permitted to own the configuration files by > default > either. > > Seems harmless. Even 'almost' transparent. AFAIK they may be *permitted* to so own at present, but 'ordinarily' do not in fact. Eg: bog-standard *BSD install they are in ~/etc[/local]/exim/configure[n] and owned by root:wheel anyway - not the exim daemon-runner or group. (I can't speak for Linux) Those using multiple [instance|parallel|selected] configs 'most likely' expect to deal with several out of the ordinary situations, and could reasonably be expected to support a change here in light of events. Bill -- ## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
