Re: [Exim] Fw: (bugtraq) Exim 3.34 and lower

Author: Philip Hazel
Date:  
To: Florian Laws
CC: exim-users
Subject: Re: [Exim] Fw: (bugtraq) Exim 3.34 and lower
On Thu, 14 Feb 2002, Florian Laws wrote:

> That said, I haven't checked if it is actually possible to inject code this
> way or if Exim is still running as root at that time. I remember the phrase
> from the manual that Exim does indeed give up root privileges when a
> nonprivileged caller specifies -C, but does it do so before the crash
> occurs?


Yes. Otherwise -C could be used by an unprivileged user to read an
arbitrary file.

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.