Thanks for the feedback. I'll fix that and push later this evening. With that done, I think the biggest issue with privilege escalation is mostly dealt with. An attacker can't make their own config file; they'd have to find a root-owned file lying around which looked enough like an Exim config and did something stupid.
It's not a panacea; we do want to kill ALT_CONFIG_ROOT_ONLY too and do some kind of whitelist of trusted configs. But it's a large part of the answer. -- dwmw2 -- ## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
