Re: [Exim] Problem with -Meb environment being destroyed

Author: Nigel Metheringham
Date:  
To: Exim Users
Subject: Re: [Exim] Problem with -Meb environment being destroyed
phil@??? said:
> May I throw a load of mud into the settling waters of this argument
> and say "maximum paranoia"? I really dislike having setuid programs
> which start other programs and which don't flatten the environment,
> unless there's extremely good reason.


Ugh... that's a good point... I wonder if an LD_PRELOAD attack could be
used against a user-supplied non-setuid forward piped program. I know
a setuid prog won't *honour* these itself, but if its not-setuid
children do, you can still subvert someone else's UID from a local
account.

> How about a "preserve_environment" which takes a list of environment
> variables, or if unset passes things through by default?


> preserve_environment = EDITOR:VISUAL:TERM:TERMINFO:DISPLAY:WINDOW


This is a pretty definitive way of dealing with it.


    Nigel.
-- 
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham                  Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]
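
An added example, not part of the original message and not Exim code: one way a setuid parent could build a child's environment from a colon-separated allowlist like the `preserve_environment` value proposed above, passing everything through when the list is unset. The function names and the sample environment are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return 1 if the NAME of a "NAME=value" entry appears in the
 * colon-separated allowlist. Names must match exactly, so an allowed
 * TERMINFO does not let TERMINFO_DIRS through. */
static int name_allowed(const char *entry, const char *allow)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 0;                        /* malformed entry: drop it */
    size_t nlen = (size_t)(eq - entry);
    for (const char *p = allow; *p != '\0'; ) {
        size_t len = strcspn(p, ":");
        if (len == nlen && strncmp(p, entry, nlen) == 0)
            return 1;
        p += len;
        if (*p == ':')
            p++;
    }
    return 0;
}

/* Build a NULL-terminated envp for a child process.
 * allow == NULL models the option being unset (pass everything through);
 * otherwise only allowlisted names survive. The array is malloc'd, the
 * strings are borrowed from env_in. Pass the result as envp to execve(). */
char **filter_env(char *const env_in[], const char *allow)
{
    size_t n = 0, k = 0;
    while (env_in[n] != NULL)
        n++;
    char **out = malloc((n + 1) * sizeof *out);
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++)
        if (allow == NULL || name_allowed(env_in[i], allow))
            out[k++] = env_in[i];
    out[k] = NULL;
    return out;
}

int main(void)
{
    /* Constructed sample environment, not taken from a real system. */
    char *sample[] = { "TERM=xterm", "LD_PRELOAD=/tmp/constructed.so",
                       "EDITOR=vi", "TERMINFO_DIRS=/x", NULL };
    char **env = filter_env(sample, "EDITOR:VISUAL:TERM:TERMINFO:DISPLAY:WINDOW");
    for (char **e = env; env != NULL && *e != NULL; e++)
        puts(*e);
    free(env);
    return 0;
}
```

An empty list (as opposed to an unset one) yields an empty environment, which is the fully flattened case.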