Dr Andrew C Aitchison wrote:
> On Mon, 13 Dec 2010, David Woodhouse wrote:
>
>> Why the hell did this work anyway?
>>
>> cat > e.conf<<'EEE'
>> spool_directory = ${run{/bin/chown root:root /var/spool/exim4/setuid}}
>> ${run{/bin/chmod 4755 /var/spool/exim4/setuid}}
>> EEE
>> exim -Ce.conf -q
>>
>> Why are we invoking ${run...} directives in the config file as root? Why
>> aren't we doing it as the Exim user?
>
> What proportion of exim installations use the ${run...} ${dlfunc...}
> and ${perl...} directives (I can find no evidence that we have ever
> used any of them ) ?List discussions of those indicate that several folks - some perhaps high-traffic, even if low box-count, DO use, and rely on, one of more of them. > > Is there a good reason not to leave these features out of the default > build and make them available only as a compile time option ? > Given the obstacles to a one-size-fits-all solution to sanitizing those, that looks like at least a near-term way to get a 'safer' rev out the door soonest. They could go back into the default later - if/as/when more time has produced a viable - and tested - consensus as to how-so. AND/OR remain compile-time options, as many other things are. Bill -- ## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
