On 09.03.2016 at 14:18, Andreas M. Kirchwitz wrote:
> If I may ask, what was the reason to clear the environment in the
> first place? It's a significant change, so I guess certain environment
> settings imposed serious problems. I'm a little scared now that I add
> exactly those variables to keep_environment which should be avoided at
> all costs.
>
> Greetings, Andreas

bash ( USER ) -> ENV LIBPATH=mydirectoryilike exim <options to load your config>
  -> now you're ROOT because exim is
  -> calls perlwrapper
  -> perl loads your lib from your directory
  -> your code in the lib gets executed as root.

The question is, who stops the attacker from loading a config he likes
directly into exim WITH the new vars set?

Marius

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
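
The chain above works because the privileged process hands the caller's environment on to its helpers. As an added example (not code from this thread or from Exim), the C sketch below shows allowlist-style cleaning in the spirit of keep_environment; `scrub_environment`, the sample arrays and the allowlist contents are hypothetical names and constructed values.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample environment, as an unprivileged caller might set it. */
static const char *const sample_env[] = {
    "LIBPATH=mydirectoryilike", "TZ=UTC", "TZ=Evil/Zone",
    "TZ_EXTRA=1", "BROKEN", "LANG=C", NULL };
static const char *const sample_keep[] = { "TZ", "LANG", NULL }; /* assumed allowlist */
static const char *clean_env[8];

/*
 * Copy into out[] only the entries of env[] whose name is exactly on the
 * keep[] allowlist (both NULL-terminated). Everything else, LIBPATH
 * included, is dropped. Entries without '=' or with an empty name are
 * dropped, and only the first occurrence of a duplicated name survives.
 * Returns the number of entries kept, or -1 if out[] is too small.
 */
int scrub_environment(const char *const env[], const char *const keep[],
                      const char *out[], size_t out_cap)
{
    size_t kept = 0;
    if (out_cap == 0)
        return -1;
    for (size_t i = 0; env[i] != NULL; i++) {
        const char *eq = strchr(env[i], '=');
        if (eq == NULL || eq == env[i])
            continue;                           /* malformed entry */
        size_t len = (size_t)(eq - env[i]) + 1; /* name plus '=' */
        int allowed = 0, duplicate = 0;
        for (size_t k = 0; keep[k] != NULL && !allowed; k++)
            allowed = strlen(keep[k]) + 1 == len &&
                      strncmp(env[i], keep[k], len - 1) == 0;
        for (size_t j = 0; j < kept && !duplicate; j++)
            duplicate = strncmp(out[j], env[i], len) == 0;
        if (!allowed || duplicate)
            continue;
        if (kept + 1 >= out_cap)
            return -1;                          /* no room for entry + NULL */
        out[kept++] = env[i];
    }
    out[kept] = NULL;                           /* usable as an exec envp */
    return (int)kept;
}

int main(void)
{
    int n = scrub_environment(sample_env, sample_keep, clean_env, 8);
    for (int i = 0; i < n; i++)
        puts(clean_env[i]);
    return n == 2 ? 0 : 1;
}
```

The cleaned array is what would be passed as the environment when the privileged process starts a helper, so a library search path set by the caller never reaches the interpreter.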
