Re: [Exim] Exim privacy bug

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Philip Hazel
Dátum:  
Címzett: Nigel Metheringham
CC: exim-users
Tárgy: Re: [Exim] Exim privacy bug
On 31 Jan 2002, Nigel Metheringham wrote:

> However if "mail -v" (or "exim -v") is used to deliver a mail, *and*
> there are queued messages for the same site/mx target, then you see the
> trace of those queued deliveries as well as your own.


I'm always impressed by the minds that manage to come up with these
subtle exploits. Noted. The solution is of course to turn off -v when
passing the socket to another delivery process, unless the caller is an
admin user. Noted for Exim 4. Is is serious enough to do anything in
Exim 3?

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.