Bug#403605: exim4-config: dc_other_hostnames expanded by the shell, corrupting it

2006-12-18 Thread Paul Slootman
Package: exim4-config
Version: 4.63-11
Severity: grave
Justification: email was bounced, thus lost to me

I have a wildcard MX *.wurtel.net, and that's filled in
/etc/exim4/update-exim4.conf.conf accordingly:

dc_other_hostnames='wurtel.net : *.wurtel.net : ...'

However, I noticed once that instead of *.wurtel.net, the generated
config file had db.wurtel.net.  At the time I passed that off as an
error on my part, as when running update-exim4.conf again it was
correct.

Today I again noticed in the exim logs that a lot of mail was being
bounced due to relay not permitted. Again I saw db.wurtel.net instead
of *.wurtel.net, and now I was sure I hadn't made any mistake.

Upon investigation it appeared that if a file exists in the current
directory that matches *.wurtel.net when update-exim4.conf is run, the
filename is filled into the config file, hence corrupting it :-(
update-exim4.conf echoes the value of dc_other_hostnames without any
quoting!

I could imagine that this might even be used to bypass security if a
malicious user could get an admin to run update-exim4.conf in a
directory with specially prepared filenames.

I recommend that a fix is included in the version that's to go into
etch.


Paul Slootman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Processed: Re: Bug#403605: exim4-config: dc_other_hostnames expanded by the shell, corrupting it

2006-12-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> package exim4-config
Ignoring bugs not assigned to: exim4-config

> severity #403605 important
Bug#403605: exim4-config: dc_other_hostnames expanded by the shell, corrupting it
Severity set to `important' from `grave'

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#403605: exim4-config: dc_other_hostnames expanded by the shell, corrupting it

2006-12-18 Thread Marc Haber
package exim4-config
severity #403605 important
thanks

On Mon, Dec 18, 2006 at 12:41:27PM +0100, Paul Slootman wrote:
> Package: exim4-config
> Version: 4.63-11
> Severity: grave
> Justification: email was bounced, thus lost to me

Bounced e-mail is not lost. Downgrading.

> I have a wildcard MX *.wurtel.net, and that's filled in
> /etc/exim4/update-exim4.conf.conf accordingly:
>
> dc_other_hostnames='wurtel.net : *.wurtel.net : ...'

Not supported, dc_other_hostnames is a list of semicolon-separated
domain names. No wildcards here.

> However, I noticed once that instead of *.wurtel.net, the generated
> config file had db.wurtel.net.  At the time I passed that off as an
> error on my part, as when running update-exim4.conf again it was
> correct.
>
> Today I again noticed in the exim logs that a lot of mail was being
> bounced due to relay not permitted. Again I saw db.wurtel.net instead
> of *.wurtel.net, and now I was sure I hadn't made any mistake.
>
> Upon investigation it appeared that if a file exists in the current
> directory that matches *.wurtel.net when update-exim4.conf is run, the
> filename is filled into the config file, hence corrupting it :-(
> update-exim4.conf echoes the value of dc_other_hostnames without any
> quoting!
>
> I could imagine that this might even be used to bypass security if a
> malicious user could get an admin to run update-exim4.conf in a
> directory with specially prepared filenames.
>
> I recommend that a fix is included in the version that's to go into
> etch.

Agreed. Be warned, however, that we might fix this by forbidding * and
? in ue4.conf.conf by means of replacing them with _ after giving a
warning. Better move your wildcard to the macros made available inside
exim configuration.

Greetings
Marc

-- 
-
Marc Haber         | I don't trust Computers. They  | Mail address in header
Mannheim, Germany  |  lose things.    Winona Ryder  | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
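
The behaviour reported in this thread, and the mitigation mentioned in the reply, as an added example; this is not code from update-exim4.conf or from either participant. The function names, the shortened hostname value, the scratch directory and the `tr`-based sanitizer are assumptions for illustration.

```shell
#!/bin/sh
# Constructed value mirroring the report (shortened to two entries).
dc_other_hostnames='wurtel.net : *.wurtel.net'

# Unquoted expansion: after word splitting the shell performs pathname
# expansion, so *.wurtel.net is replaced by any matching file name in $PWD.
emit_unquoted() {
    echo $dc_other_hostnames
}

# Quoted expansion: the value reaches the output unchanged.
emit_quoted() {
    printf '%s\n' "$dc_other_hostnames"
}

# Sketch of the mitigation mentioned in the reply (an assumption about its
# shape, not the package's code): warn, then replace * and ? with _.
emit_sanitized() {
    case $dc_other_hostnames in
        *[*?]*) echo "warning: * and ? in dc_other_hostnames replaced by _" >&2 ;;
    esac
    printf '%s\n' "$dc_other_hostnames" | tr '*?' '__'
}

# Run all three in a scratch directory holding one matching file name.
demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        : > db.wurtel.net            # constructed file that matches the glob
        echo "unquoted:  $(emit_unquoted)"
        echo "quoted:    $(emit_quoted)"
        echo "sanitized: $(emit_sanitized 2>/dev/null)"
    )
    rm -rf "$dir"
}

demo
```

With no matching file in the working directory, the unquoted form leaves the pattern untouched, which is consistent with the intermittent behaviour described in the report.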

