On 03/03/2016 08:12, Golub Mikhail wrote:
> Доброе утро.
>
> Обновил на тестовом хосте Exim до 4.86_2.
> В логе появились записи:
> 2016-03-03 09:57:16 WARNING: purging the environment.
> Suggested action: use keep_environment and add_environment.
>
> Google не находит ничего внятного.
> Кто-то обновлялся?
>
>
% cat pkg-message
IMPORTANT NOTE:
===============
All installations having Exim set-uid root and using 'perl_startup' are
vulnerable to a local privilege escalation. Any user who can start an
instance of Exim (and this is normally *any* user) can gain root
privileges. If you do not use 'perl_startup' you *should* be safe.
New options
-----------
We had to introduce two new configuration options:
keep_environment =
add_environment =
Both options are empty per default. That is, Exim cleans the complete
environment on startup. This affects Exim itself and any subprocesses,
as transports, that may call other programs via some alias mechanisms,
as routers (queryprogram), lookups, and so on. This may affect used
libraries (e.g. LDAP).
** THIS MAY BREAK your existing installation **
New behaviour
-------------
Now Exim changes it's working directory to / right after startup,
even before reading it's configuration. (Later Exim changes it's working
directory to $spool_directory, as usual.)
Exim only accepts an absolute configuration file path now, when using
the -C option.
И более полное сообщение от авторов exim'а:
https://lists.exim.org/lurker/message/20160302.191005.a72d8433.en.html
--
Vsevolod Stakhov
_______________________________________________
Exim-users mailing list
[email protected]
http://mailground.net/mailman/listinfo/exim-users
