Re: [Exim] Exim privacy bug

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Philip Hazel
Fecha:  
A: Nigel Metheringham
Cc: exim-users
Asunto: Re: [Exim] Exim privacy bug
On 31 Jan 2002, Nigel Metheringham wrote:

> However if "mail -v" (or "exim -v") is used to deliver a mail, *and*
> there are queued messages for the same site/mx target, then you see the
> trace of those queued deliveries as well as your own.


I'm always impressed by the minds that manage to come up with these
subtle exploits. Noted. The solution is of course to turn off -v when
passing the socket to another delivery process, unless the caller is an
admin user. Noted for Exim 4. Is is serious enough to do anything in
Exim 3?

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.