On Thu, Feb 14, 2002 at 09:13:35AM +0000, Philip Hazel wrote:
>
> So far, the worst that I've heard this can do is for a local user to be
> able to call Exim and make it crash. That isn't very high up on my scale
> of priorities for "panic, must fix it immediately" bugs. Of course,
> there may be something I've missed.
Isn't the potential security problem that the local host could trick Exim
into running arbitrary code via the buffer overflow and, since Exim is
suid root, run this code as root and get root privileges?
That said, I haven't checked if it is actually possible to inject code this
way or if Exim is still running as root at that time. I remember the phrase
from the manual that Exim does indeed give up root privileges when a
nonprivileged caller specifies -C, but does it do so before the crash
occurs?
Regards,
Florian
--
florian laws [mailto:fl@dmc.de] [http://www.dmc.de]
systems administrator
digital media center gmbh
marienstrasse 41
70178 stuttgart (germany)
fon [49].[711].601747-46
fax [49].[711].601747-77