On Wed, 2010-12-15 at 08:10 -0500, W B Hacker wrote:
>
> At the very least, these over-helpful critters and their kin should be pulled
> back to non-default compile time options. And their hazards made VERY clear.

I disagree. Firstly, the flexibility you're talking about is what makes Exim what it is. If I wanted a crippled MTA that couldn't do half the things I currently do with Exim, then I'd be using Postfix.

And secondly, the problem here is *not* the features. The problem here is that we allowed its behaviour, when running as root, to be controlled by a user that was not root and should not have been trusted. It was a fault in the privilege separation design, pure and simple.

Even if we lost all the features which actually make Exim worthwhile, and all it could do was append to a text file, that could still be abused if the privilege separation isn't working right.

I think our direction at the moment, fixing the privilege separation issues and allowing for only *certain* variations which are "blessed" in advance by the root user, is the correct one.

-- 
dwmw2

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
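The "blessed in advance by the root user" idea from the message above, as an added sketch in C that is not part of the original post and is not Exim's code: a caller-requested config path keeps the privileged uid only when it is listed in a file owned by that uid and not writable by group or other. The function names, the usage line and the sample paths in the comments are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: return 1 only if `requested` is an exact line in an
 * allow-list owned by `trusted_uid` and not group/other writable. */
int config_is_blessed(const char *requested, const char *list_path, uid_t trusted_uid)
{
    struct stat st;
    char line[4096];
    int found = 0;
    int fd = open(list_path, O_RDONLY | O_NOFOLLOW);  /* refuse a symlinked list */
    if (fd < 0) return 0;
    /* fstat the open descriptor so the checks cover the file actually read */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != trusted_uid || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return 0;
    }
    FILE *fp = fdopen(fd, "r");
    if (!fp) { close(fd); return 0; }
    while (fgets(line, sizeof line, fp)) {
        line[strcspn(line, "\n")] = '\0';
        /* only absolute paths count; comments and blanks never match */
        if (line[0] == '/' && strcmp(line, requested) == 0) { found = 1; break; }
    }
    fclose(fp);
    return found;
}

/* Uid to continue under after `caller_uid` asked for an alternate config. */
uid_t uid_for_config(const char *requested, const char *list_path,
                     uid_t trusted_uid, uid_t caller_uid)
{
    if (caller_uid == trusted_uid) return trusted_uid;   /* root chose it itself */
    return config_is_blessed(requested, list_path, trusted_uid)
           ? trusted_uid : caller_uid;                   /* otherwise drop privilege */
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s CONFIG ALLOWLIST\n", argv[0]); return 2; }
    printf("continue as uid %ld\n", (long)uid_for_config(argv[1], argv[2], 0, getuid()));
    return 0;
}
```

The decision depends only on who owns and can write the list, never on what the unprivileged caller supplies, which is the separation the message argues for.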
