Re: [Exim] Exim privacy bug

Author: Nigel Metheringham
Date:
To: exim-users
Subject: Re: [Exim] Exim privacy bug
On Thu, 2002-01-31 at 16:58, Philip Hazel wrote:
> On 31 Jan 2002, Nigel Metheringham wrote:
>
> > However if "mail -v" (or "exim -v") is used to deliver a mail, *and*
> > there are queued messages for the same site/mx target, then you see the
> > trace of those queued deliveries as well as your own.
>
> I'm always impressed by the minds that manage to come up with these
> subtle exploits. Noted. The solution is of course to turn off -v when
> passing the socket to another delivery process, unless the caller is an
> admin user. Noted for Exim 4. Is it serious enough to do anything in
> Exim 3?


I don't think so. [Especially since I tend to allow everyone to see the
queue anyhow - but don't let users on the machines :-) ]

    Nigel.
--
[ Nigel Metheringham           Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]
[ - Comments in this message are my own and not ITO opinion/policy - ]