Re: [Exim] Does Exim have security problems?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Dr Andrew C Aitchison
Date:  
À: Exim Users Mailing List
Sujet: Re: [Exim] Does Exim have security problems?
On Mon, 4 Sep 2000, Greg A. Woods wrote:

> Yes, indeed it is often the case that root will not necessarily have
> access to user files if they are on an NFS-mounted filesystem.
>
> I've decided though that if the user root's remote access privileges
> have been mapped to does not also have access to the user .forward files
> then the mailer should just ignore them as if they do not exist. I
> haven't yet found anyone who can make a strong enough claim that will
> convince me otherwise. There should be nothing secret in them, after
> all. So in general I don't worry about root not being able to open and
> read the .forward files.


I don't agree that .forward files will have nothing secret in them.
There isn't much secret about a .forward file that only contains a
single forwarding address, but if exim filtering is enabled they could
contain much more than that; including addresses of regular/important
corrspondents. I'm not sure that I'd want to make mine readable by all
my users.

Dr. Andrew C. Aitchison        Computer Officer, DPMMS, Cambridge
A.C.Aitchison@???    http://www.dpmms.cam.ac.uk/~werdna