[Exim] transport_filter insecure?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
Kirill Miazine at ->
Delete this message
Reply to this message
Author: Martin Buck
Date:  
To: exim-users
Subject: [Exim] transport_filter insecure?
Hi,

I just noticed that transport_filters have a (at least to me) rather
surprising feature: They are run using the environment inherited from the
exim process which in turn might be inherited from an arbitrary user. The
problem is that they might be run with the uid of another user. Depending
on what a specific filter does (e.g. whether it uses $PATH or not), this is
a security hole.

Even if this wouldn't be a security hole, it should be changed nevertheless
since I can't imagine a case where the current behaviour would be useful. I
noticed this bug originally when my transport_filter tried to run
bogofilter with HOME=/root...

BTW, I tested this with exim 3.35, but the code in 4.24 looks pretty
similar. And I guess other calls to child_open() could be affected as well.

Martin



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] problems building 4.24Re: [Exim] SQL Lookup modification request->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)