Thanks for the very fast response.

On Mon, 2011-10-10 at 03:08 -0400, Phil Pennock wrote:
> Use another config file which sets a couple of macros and then
> .include's the real config file, and then reference this new config file
> in the trusted list.

This is what I ended up doing.

> That way, the precise set of available macros is locked down to files
> controlled/owned by root, or the configure owner (which should _not_
> include the Exim run-time user).

As I discovered, it isn't an ideal alternative. I lied. I had two independent variables. On coming to the realisation that using this method to set N independent variables would need N! (N factorial) config files, I decided it was time to eliminate one.

> Sorry, the old freedom made it far too easy to escalate privileges from
> the Exim run-time user to root (unless you built Exim as setuid to a
> dedicated user instead of root, per some of the pointers in "52.
> Security considerations").

Yes, well the old -D was a disaster waiting to happen, but you need a replacement. There are lots of reasons people want to tell exim to use their config files in some special mode. My large message queues was one. Sadly I passed in the message size with -DMAX_MESSAGE_SIZE=size. It was a handy option but it had to go for now. I had another queue for dealing with low priority messages which came into being when a massive virus attack meant real messages weren't getting through. I haven't used it in a while so it went as well.

Others use macros to feed messages back into exim after some special processing has been done (e.g. spam, virus checking). I now realise the WHITELISTED_D_MACROS thing was a Debian hack introduced for this reason. I guess you are aware of this.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
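
Added example, not part of the original message and not Exim's own code: a shell audit of the ownership rule quoted above, checking that every wrapper config named in a trusted list, and every file it pulls in with `.include`, is owned by the expected uid and not writable by group or other. The function names, the list format (one absolute path per line, `#` comments) and the arguments are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the config files Exim may be pointed at with -C.
# Usage (paths are supplied by the caller): audit.sh LIST_FILE TRUSTED_UID

# check_file PATH UID: succeed only if PATH is a regular file owned by UID
# and carries no group or other write bit.
check_file() {
    cf_path=$1 cf_uid=$2
    if [ ! -f "$cf_path" ]; then echo "MISSING  $cf_path"; return 1; fi
    cf_ls=$(ls -ldn "$cf_path")            # mode links uid gid ...
    cf_mode=${cf_ls%% *}
    cf_owner=$(printf '%s\n' "$cf_ls" | awk '{print $3}')
    case $cf_mode in
        ?????w*|????????w*)                # 6th char = group w, 9th = other w
            echo "WRITABLE $cf_path ($cf_mode)"; return 1 ;;
    esac
    if [ "$cf_owner" != "$cf_uid" ]; then
        echo "OWNER    $cf_path (uid $cf_owner, want $cf_uid)"; return 1
    fi
    return 0
}

# audit_trusted_configs LIST_FILE UID: check each listed config and one level
# of .include / .include_if_exists targets. Returns non-zero on any failure.
# Assumes include paths are absolute, unquoted and contain no spaces.
audit_trusted_configs() {
    at_bad=0
    while IFS= read -r at_conf; do
        case $at_conf in ''|'#'*) continue ;; esac
        check_file "$at_conf" "$2" || { at_bad=1; continue; }
        for at_inc in $(awk '$1 == ".include" || $1 == ".include_if_exists" \
                             {print $2}' "$at_conf"); do
            # A target that does not exist yet is skipped, not failed.
            [ -e "$at_inc" ] || continue
            check_file "$at_inc" "$2" || at_bad=1
        done
    done < "$1"
    return "$at_bad"
}

if [ "$#" -eq 2 ]; then
    audit_trusted_configs "$1" "$2"
fi
```

Run it with the trusted-list path and `0` as the uid on a system where the configs should be root-owned; any line of output names a file that the Exim run-time user, or anyone else, could use to change the macros a wrapper sets.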
