* Martin Buck [2003-10-05 21:03]:
> I just noticed that transport_filters have a (at least to me) rather
> surprising feature: They are run using the environment inherited from the
> exim process which in turn might be inherited from an arbitrary user. The
> problem is that they might be run with the uid of another user. Depending
> on what a specific filter does (e.g. whether it uses $PATH or not), this is
> a security hole.
If so, this is a security hole in the filter program.
> Even if this wouldn't be a security hole, it should be changed nevertheless
> since I can't imagine a case where the current behaviour would be useful. I
> noticed this bug originally when my transport_filter tried to run
> bogofilter with HOME=/root...
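
A defensive wrapper for the situation reported above, as an added example that is not part of the original thread: it discards the inherited environment and rebuilds PATH and HOME from the uid the filter actually runs as. The function names and the `SAFE_PATH` value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: run a filter command with an environment rebuilt from the
# uid it runs as, instead of whatever the process that started the MTA had.

# Assumption: every tool the filter needs lives in these directories.
SAFE_PATH=/usr/bin:/bin

# Print the home directory of the effective uid, taken from the passwd
# database rather than from the inherited $HOME. Falls back to "/".
home_of_euid() {
    uid=$(id -u)
    home=""
    if command -v getent >/dev/null 2>&1; then
        home=$(getent passwd "$uid" | cut -d: -f6)
    fi
    if [ -z "$home" ] && [ -r /etc/passwd ]; then
        home=$(awk -F: -v u="$uid" '$3 == u { print $6; exit }' /etc/passwd)
    fi
    printf '%s\n' "${home:-/}"
}

# Run "$@" with only PATH, HOME, LOGNAME, USER and SHELL set.
# env -i drops every inherited variable (LD_PRELOAD, IFS, HOME=/root, ...).
run_clean() {
    [ "$#" -gt 0 ] || { echo "usage: run_clean command [args...]" >&2; return 64; }
    user=$(id -un 2>/dev/null || id -u)
    env -i PATH="$SAFE_PATH" HOME="$(home_of_euid)" \
        LOGNAME="$user" USER="$user" SHELL=/bin/sh "$@"
}

# A wrapper script used as the filter command would end with:
#   run_clean /path/to/real-filter "$@"
```

The filter program itself should still call its helpers by absolute path; the wrapper only removes what the caller's environment could otherwise inject.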