On Wed, 4 Dec 2002, John Horne wrote:
> Could this problem also exist if pid_file_path is set (with %s) in the
> Makefile used to build exim (although the option itself may not be specified
> in the configure file)? If so, then perhaps the exploit could exist without
> the need to change the configure file or restart exim?
Yes, but then the builder of Exim would have been the person trying to
break it, because you have to specify a "nasty" string in order to make
the exploit work.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.