Re: [Exim] Exim filters and potential security issues.

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMTony Finch at <-
.MPhilip Hazel at ->
Delete this message
Reply to this message
Author: Nico Erfurth
Date:  
To: Tony Finch
CC: exim-users
Subject: Re: [Exim] Exim filters and potential security issues.
Tony Finch wrote:
> Nico Erfurth <masta@???> wrote:
>
>>2.) Exim filters have a nice feature, they allow to log with the
>>    logfile/logwrite commands, BUT in a virtual only setup, this can
>>    lead to problems. When all users are using the same UID and are
>>    allowed to use exim-filters (as on my machine), an attacker could be
>>    able to use logwrite to write mail into some other users maildir, or
>>    doing other REALLY worse things.

>
>
> forbid_filter_logwrite

*slapsforehead* Ok, it was too late yesterday ;)

Nico



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-RE: [Exim] Allow none standard characters[Exim] Problem with unknown users->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)