David Woodhouse wrote: > ------- You are receiving this mail because: ------- > You are on the CC list for the bug. > > http://bugs.exim.org/show_bug.cgi?id=1044 > > > > > --- Comment #2 from David Woodhouse<[email protected]> 2010-12-11 > 00:23:42 --- > I found a bug in that patch; we can't just refrain from setting > config_changed. > That flag is used for more than the decision of whether to drop privs. It's > used in child.c too. > > I think I'm going to end up doing a new config option TRUSTED_CONFIG_PREFIXES > which is a colon-separated list of acceptable prefixes (or full filenames). > >
Presuming there is at least one known and published default, the rest is up to: - privs on where that/those files is/are - admin's choice of obfuscation, if any IOW - helpful, certainly. Panacea? Probably not. Just a higher bar. But still a good idea, IMHO Bill -- ## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
