Re: [Exim] Minor security problem in both Exim 3 and 4

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: John Horne
CC: exim-users
Subject: Re: [Exim] Minor security problem in both Exim 3 and 4
On Wed, 4 Dec 2002, John Horne wrote:

> Could this problem also exist if pid_file_path is set (with %s) in the
> Makefile used to build exim (although the option itself may not be specified
> in the configure file)? If so, then perhaps the exploit could exist without
> the need to change the configure file or restart exim?


Yes, but then the builder of Exim would have been the person trying to
break it, because you have to specify a "nasty" string in order to make
the exploit work.

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.