On Thu, 2002-01-31 at 16:58, Philip Hazel wrote:
> On 31 Jan 2002, Nigel Metheringham wrote:
>
> > However if "mail -v" (or "exim -v") is used to deliver a mail, *and*
> > there are queued messages for the same site/mx target, then you see the
> > trace of those queued deliveries as well as your own.
>
> I'm always impressed by the minds that manage to come up with these
> subtle exploits. Noted. The solution is of course to turn off -v when
> passing the socket to another delivery process, unless the caller is an
> admin user. Noted for Exim 4. Is is serious enough to do anything in
> Exim 3?
I don't think so. [Especially since I tend to allow everyone to see the
queue anyhow - but don't let users on the machines :-) ]
Nigel.
--
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000 Fax +44 1423 858866 ]
[ - Comments in this message are my own and not ITO opinion/policy - ]