Cyborg <[email protected]> (Mi 09 Mär 2016 18:07:33 CET): > The question is, who stops the attacker from loading a config he likes > directly into exim WITH the new vars set ?
Nobody stop the attacker, but if you ask Exim to open the config you
like (via -C …) Exim drops the root privileges before reading the
configuration.
For the Configs of the built in list Jeremy explained, why it can be
considered safe.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
signature.asc
Description: Digital signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
