Bug#818897: Exim4 change CWD string to /

2016-06-05 Thread Серж ИвановЪ
On Thu, 21 Apr 2016 19:30:15 +0200 Andreas Metzler  wrote:
> On 2016-04-20 Roman Bulakh  wrote:
> > On 2016-03-27 Andreas Metzler  wrote:
> >> On 2016-03-21 Roman Bulakh  wrote:
> >>> Package: exim4
> >>> Version: 4.80-7+deb7u2
>
> >>> After updating exim to version 4.80-7+deb7u2, exim.c changes the CWD dir to /
> >>> on startup.
> [...]
> >> /usr/share/doc/exim4-base/changelog.Debian.gz
> >> exim4 (4.80-7+deb7u2) wheezy-security; urgency=high
> >>   * 88_CVE-2016-1531.diff:
> >> [...]
> >> + Exim changes it's working directory to / right after startup.
> >> [...]
> >>   * 89_01_only_warn_on_nonempty_environment.diff,
> >> 89_02_Store-the-initial-working-directory.diff: Upstream followups on the
> >> CVE fix (Thanks, Heiko Schlittermann!):
> >> [...]
> >> + Store the initial working directory and make it available in the new
> >>   expansion variable $initial_cwd.
>
>
> >> Sadly I made an error with the latter patch, but it is going to be fixed
> >> in the next point release. See , you can
> >> already grab 4.80-7+deb7u3 directly from the mirrors.
> >> http://ftp.at.debian.org/debian/pool/main/e/exim4/
> [...]
>
> > Problem is not fixed. I have exim 4.80-7+deb7u3 but cwd still "cwd=/"
>
> Please re-read my comment. I did not say exim stopped changing to / but
> "Store the initial working directory and make it available in the new
> expansion variable $initial_cwd.".
>
> You'll need to change your config.
>
> cu Andreas
> --
> `What a good friend you are to him, Dr. Maturin. His other friends are
> so grateful to you.'
> `I sew his ears on from time to time, sure'
>
>

Using this code "warn log_message = $initial_cwd" in acl_not_smtp yields
"2016-06-05 13:16:51 1b9V6x-00059W-3B U=root Warning: /"
as opposed to correct behavior,

can you clarify needed config changes, what are we missing here?


Bug#818897: Exim4 change CWD string to /

2016-04-21 Thread Andreas Metzler
On 2016-04-20 Roman Bulakh  wrote:
> On 2016-03-27 Andreas Metzler  wrote:
>> On 2016-03-21 Roman Bulakh  wrote:
>>> Package: exim4
>>> Version: 4.80-7+deb7u2

>>> After updating exim to version 4.80-7+deb7u2, exim.c changes the CWD dir to /
>>> on startup.
[...]
>> /usr/share/doc/exim4-base/changelog.Debian.gz
>> exim4 (4.80-7+deb7u2) wheezy-security; urgency=high
>>   * 88_CVE-2016-1531.diff:
>> [...]
>> + Exim changes it's working directory to / right after startup.
>> [...]
>>   * 89_01_only_warn_on_nonempty_environment.diff,
>> 89_02_Store-the-initial-working-directory.diff: Upstream followups on the
>> CVE fix (Thanks, Heiko Schlittermann!):
>> [...]
>> + Store the initial working directory and make it available in the new
>>   expansion variable $initial_cwd.


>> Sadly I made an error with the latter patch, but it is going to be fixed
>> in the next point release. See , you can
>> already grab 4.80-7+deb7u3 directly from the mirrors.
>> http://ftp.at.debian.org/debian/pool/main/e/exim4/
[...]

> Problem is not fixed. I have exim 4.80-7+deb7u3 but cwd still "cwd=/"

Please re-read my comment. I did not say exim stopped changing to / but
"Store the initial working directory and make it available in the new
expansion variable $initial_cwd.".

You'll need to change your config.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Bug#818897: Exim4 change CWD string to /

2016-03-27 Thread Andreas Metzler
On 2016-03-21 Roman Bulakh  wrote:
> Package: exim4
> Version: 4.80-7+deb7u2

> After updating exim to version 4.80-7+deb7u2, exim.c changes the CWD dir to /
> on startup.

> Checking cwd=/some/vay was a popular heuristic for
> identifying the source of malware sending email.

> The output would look something like this:

> 2016-03-04 11:46:22 cwd=/root 9 args: /usr/sbin/sendmail -FCronDaemon
> -i -odi -oem -oi -t -f root

> Now it looks like this:

> 2016-03-04 11:46:22 cwd=/ 9 args: /usr/sbin/sendmail -FCronDaemon -i
> -odi -oem -oi -t -f root
[...]

Hello,

/usr/share/doc/exim4-base/changelog.Debian.gz
exim4 (4.80-7+deb7u2) wheezy-security; urgency=high
  * 88_CVE-2016-1531.diff:
[...]
+ Exim changes it's working directory to / right after startup.
[...]
  * 89_01_only_warn_on_nonempty_environment.diff,
89_02_Store-the-initial-working-directory.diff: Upstream followups on the
CVE fix (Thanks, Heiko Schlittermann!):
[...]
+ Store the initial working directory and make it available in the new
  expansion variable $initial_cwd.


Sadly I made an error with the latter patch, but it is going to be fixed
in the next point release. See , you can
already grab 4.80-7+deb7u3 directly from the mirrors.
http://ftp.at.debian.org/debian/pool/main/e/exim4/

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Bug#818897: Exim4 change CWD string to /

2016-03-21 Thread Roman Bulakh
Package: exim4
Version: 4.80-7+deb7u2

After updating exim to version 4.80-7+deb7u2, exim.c changes the CWD dir to /
on startup.

Checking cwd=/some/vay was a popular heuristic for
identifying the source of malware sending email.

The output would look something like this:

2016-03-04 11:46:22 cwd=/root 9 args: /usr/sbin/sendmail -FCronDaemon
-i -odi -oem -oi -t -f root

Now it looks like this:

2016-03-04 11:46:22 cwd=/ 9 args: /usr/sbin/sendmail -FCronDaemon -i
-odi -oem -oi -t -f root
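
The cwd= heuristic described in this report, and how it goes blind once every entry reads cwd=/, shown as an added example that is not part of the original thread. The log entries are constructed in the layout quoted above (unwrapped to one line each), and the /var/www/example paths are made up for illustration.

```python
import re
from collections import Counter

# Constructed sample entries in the layout quoted in the report; the
# /var/www/example paths are hypothetical.
BEFORE_UPDATE = """\
2016-03-04 11:46:22 cwd=/root 9 args: /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t -f root
2016-03-04 11:47:01 cwd=/var/www/example/uploads 3 args: /usr/sbin/sendmail -t -i
2016-03-04 11:47:02 cwd=/var/www/example/uploads 3 args: /usr/sbin/sendmail -t -i
2016-03-04 11:48:10 1b9V6x-00059W-3B <= root@example.org U=root P=local S=412
"""
AFTER_UPDATE = """\
2016-03-04 11:46:22 cwd=/ 9 args: /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t -f root
2016-03-04 11:47:01 cwd=/ 3 args: /usr/sbin/sendmail -t -i
2016-03-04 11:47:02 cwd=/ 3 args: /usr/sbin/sendmail -t -i
"""

# "<date> <time> cwd=<dir> <argc> args: <argv...>"; the directory is matched
# lazily so that a path containing spaces is still captured whole.
CWD_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) cwd=(.+?) (\d+) args: (.*)$"
)


def parse_cwd_lines(log_text):
    """Return (timestamp, cwd, args) for every 'cwd=... N args:' entry."""
    records = []
    for line in log_text.splitlines():
        m = CWD_LINE.match(line)
        if m:  # message-id lines and other entries are skipped
            records.append((m.group(1), m.group(2), m.group(4)))
    return records


def summarize(log_text):
    """Count submissions per working directory and flag a blind heuristic.

    'blind' is True when entries exist but every one reports cwd=/, the
    situation the report shows after 4.80-7+deb7u2.
    """
    counts = Counter(cwd for _, cwd, _ in parse_cwd_lines(log_text))
    blind = bool(counts) and set(counts) == {"/"}
    return counts, blind


if __name__ == "__main__":
    for label, text in (("before", BEFORE_UPDATE), ("after", AFTER_UPDATE)):
        counts, blind = summarize(text)
        print(label, counts.most_common(), "heuristic blind:", blind)
```
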