On 2010-12-10 David Woodhouse <[email protected]> wrote:
[....]
> We should *also* fix the CONFIGURE_USER and CONFIGURE_GROUP options,
> so that the exim user/group are not permitted to own the
> configuration files by default either.
[...]

Won't this cause problems when
a) the configuration file contains private data (sql passwords?) and
   cannot be world readable
AND
b) exim4 is not SUID root?

What should be prohibited is that the configuration file or the
directory it lives in are /writeable/ by CONFIGURE_USER or
CONFIGURE_GROUP.

I am not running exim like this but was actually a little bit
surprised that (suid) exim works if CONFIGURE_USER:CONFIGURE_GROUP has
no read permissions on the configuration file.

cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
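An added example, not part of the original message and not Exim's own code: a mode-bit check for the condition discussed above, namely whether a given user or group can write to the configuration file or to the directory it lives in. The temp directory, the file name `exim.conf` and the use of the file's own owner as a stand-in for CONFIGURE_USER/CONFIGURE_GROUP are assumptions made for the demo.

```python
import os
import stat
import tempfile

def write_access(mode, owner_uid, owner_gid, uid, gid):
    """Mode-bit reasons why `uid`, or a member of `gid`, may write to an
    object with this mode and ownership. Empty list: no write access.
    Only classic permission bits are examined; ACLs are not."""
    reasons = []
    if owner_uid == uid and mode & stat.S_IWUSR:
        reasons.append("owner-write")
    if owner_gid == gid and mode & stat.S_IWGRP:
        reasons.append("group-write")
    if mode & stat.S_IWOTH:
        reasons.append("world-write")
    return reasons

def audit_config(path, uid, gid):
    """Check both the configuration file and the directory it lives in."""
    path = os.path.abspath(path)
    findings = {}
    for target in (path, os.path.dirname(path)):
        st = os.stat(target)
        reasons = write_access(st.st_mode, st.st_uid, st.st_gid, uid, gid)
        if reasons:
            findings[target] = reasons
    return findings

def demo():
    """Constructed sample: a temp directory stands in for the config dir,
    and the file's own owner stands in for CONFIGURE_USER/CONFIGURE_GROUP."""
    with tempfile.TemporaryDirectory() as d:
        conf = os.path.join(d, "exim.conf")
        with open(conf, "w") as f:
            f.write("# constructed sample, no real settings\n")
        st = os.stat(conf)
        uid, gid = st.st_uid, st.st_gid
        os.chmod(conf, 0o640)           # owner may write: flagged
        before = audit_config(conf, uid, gid)
        os.chmod(conf, 0o440)           # readable, not writable
        os.chmod(d, 0o550)              # directory not writable either
        after = audit_config(conf, uid, gid)
        os.chmod(d, 0o700)              # restore so cleanup can delete it
    return before, after

if __name__ == "__main__":
    print(demo())
```

A file owned by root with the configure group and mode 0640 passes this check while staying unreadable to other users, which is the readable-but-not-writable arrangement the message describes.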
