I've just pushed a set of patches to
http://git.exim.org/users/dwmw2/exim.git
git://git.exim.org/users/dwmw2/exim.git
They do the following:
- Add Valgrind hooks to the store pools to aid debugging.
- Don't use config files as root if they're writeable by non-root
users/groups. Including the Exim user/group.
- Kill ALT_CONFIG_ROOT_ONLY as discussed, so only root can specify
arbitrary files on the command line with the -C option. If the Exim
user uses -C, or uses the -D option to set macros, then root privs
will be dropped.
- Add a TRUSTED_CONFIG_PREFIX_FILE option. If set, it gives a filename
for a file that contains prefix strings, like the ALT_CONFIG_PREFIX.
Each line in that file specifies a prefix for config files which are
to be trusted, and executed with root privilege if seen in the -C
option, regardless of which user Exim is invoked by. As long as the
config file is not writeable by anyone but root, of course.
- Set FD_CLOEXEC on SMTP sockets after forking to handle the connection.
The TRUSTED_CONFIG_PREFIX_FILE one wants a little more attention; I
haven't properly tested it yet. But it's 3am so not right now...
--
David Woodhouse Open Source Technology Centre
David.Woodhouse@??? Intel Corporation
