Hi Listreaders, 

sorry for the double-post, but after accidently writing my prior email with
the worng subject, and someone noted (PM) that some of you might drop mails
with 'unsubcribe' subject, i do a repost of my message.

Here is what i wrote:

I just found exim's(3) config file in woody is installed with 0644 file
permission by default. This might be okay for standard-installation, but might
that not rise a security bug as soon, as you use either
 - client side authentification and have to insert the password there
 - an other backend as /etc/passwd or simmilar? For example getting
   eMail-adresses from ldap or any other database needs some password to
   connect to it.

Might it be not more secure installing /etc/exim/exim.conf 0640 with root:mail

I am not shure about that, so i did not open a bug at the BTS yet.

Please give me advice.

  Regards,                | Debian GNU / /     _  _  _  _  _ __  __
  .                       |           / /__  / / / \// //_// \ \/ /
  Martin Helas            |          /____/ /_/ /_/\/ /___/  /_/\_\
  mailto:[EMAIL PROTECTED] | because reboots are for hardware upgrades.
  PGP-Fingerprint:  1474 4CAC EF5C ECFA E29E  2CB1 7929 AB90 F7AC 3AF

Attachment: signature.asc
Description: Digital signature

Reply via email to