Re: [Exim] Fw: (bugtraq) Exim 3.34 and lower

Góra strony
Delete this message
Reply to this message
Autor: Philip Hazel
Data:  
Dla: Florian Laws
CC: exim-users
Temat: Re: [Exim] Fw: (bugtraq) Exim 3.34 and lower
On Thu, 14 Feb 2002, Florian Laws wrote:

> That said, I haven't checked if it is actually possible to inject code this
> way or if Exim is still running as root at that time. I remember the phrase
> from the manual that Exim does indeed give up root privileges when a
> nonprivileged caller specifies -C, but does it do so before the crash
> occurrs?


Yes. Otherwise -C could be used by an unprivileged user to read an
arbitrary file.

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.