Re: [Exim] Configuration data that is sensitive

Top Page
Delete this message
Reply to this message
Author: Nigel Metheringham
Date:  
To: Philip Hazel
CC: exim-users
New-Topics: [Exim] ASMTP Sending with netscape
Subject: Re: [Exim] Configuration data that is sensitive
ph10@??? said:
> (2) Invent a notional flag that is set for certain options,
> restricting them to admin users only. This is not a huge amount of
> work, and I think there are only a few such options:

...
>    all the query or queries options, because they can contain 
>      password information in LDAP queries


Isn't that anything thats an expanded string, host list or domain list
included there? Thats quite a lot....

You could special case -bP - *before* reading the config, if the
command is a -bP, setuid() to the invoking UID. Then you decide on
config visisbility by config file permissions.

    Nigel.



-- 
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham                  Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]