It was pointed out recently that the -bP option in Exim (which shows the
setting of one or more options) was rather more open that it should be,
because options like mysql_servers can contain authentication
information. I've just had a think about this. There are two possible
approaches:
(1) Just restrict the use of -bP to admin users. This is the easy thing
to do. However, it seems a bit heavy handed.
(2) Invent a notional flag that is set for certain options, restricting
them to admin users only. This is not a huge amount of work, and I think
there are only a few such options:
mysql_servers
pgsql_servers
all the query or queries options, because they can contain
password information in LDAP queries
server_secret in authenticators
server_condition in authenticators, because it might have an inline
password
client_secret in authenticators
client_send in authenticators
Does anyone have any views? I'm inclined to do (2).
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
