Edgar Lovecraft wrote:
> Eli wrote:
>>
>> True :D I see it this way - the patch doesn't hurt Exim, and unless
>> you use the features the patch gives you (and mind you this patch is
>> teeny weeny so it's not a memory hog or anything), you're still in
>> the clear and no more the wiser.
>
> It does not hurt Exim? Have you or anyone else done any security/exploit
> checks of Exim with this patch installed?

I simply don't see how any security issue or exploit could be had with the
use of getenv(). I suppose if on your OS getenv() has a security issue then
that would obviously carry through to Exim, but then it's not Exim's fault
and rather the underlying implementation of getenv() on the system.
Whatever getenv() brings, you get. The rest of the code was just chopped up
from looking at the other surrounding code in Exim, and since it was from
the most common section in Exim (variable expansion) if there was some sort
of exploit to be found, I'm sure it has long since been fixed and thus my
code too does not suffer from any issues (and I have made code changes in
the newest patch to reflect the changes shown in the 4.34 code). I don't
see any buffer overflows possible, nor do I see any other sort of hack so
long as getenv() on the system is safe.

The only security issue (if you can even call it that) that I'd be aware of
being possible is if the person configuring Exim using this somehow exposes
some variable contents to unauthorized eyes - but then that's not the fault
of the code :)
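
The two concerns named in this thread, an overflow when copying a getenv() result and variable contents reaching unauthorized eyes through configuration, can be shown in a small C helper. This is an added example, not the patch under discussion and not Exim code; the names env_lookup, env_allowed, MAIL_SITE_TAG and DB_PASSWORD are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for setenv() in the demo main() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allowlist: only these variables may be read by an expansion. */
static const char *const env_allowed[] = { "TZ", "MAIL_SITE_TAG", NULL };

enum env_result { ENV_OK = 0, ENV_DENIED, ENV_UNSET, ENV_TOO_LONG };

/* Copy the value of an allowlisted variable into out (outlen bytes).
   A value that does not fit is refused rather than truncated, and the
   private copy cannot be changed by a later setenv()/putenv() call. */
static enum env_result env_lookup(const char *name, char *out, size_t outlen)
{
    const char *val;
    size_t len, i;

    if (outlen == 0) return ENV_TOO_LONG;
    out[0] = '\0';                       /* never leave stale data behind */

    for (i = 0; env_allowed[i] != NULL; i++)
        if (strcmp(name, env_allowed[i]) == 0) break;
    if (env_allowed[i] == NULL) return ENV_DENIED;  /* not exposed to configs */

    val = getenv(name);
    if (val == NULL) return ENV_UNSET;

    len = strlen(val);
    if (len >= outlen) return ENV_TOO_LONG;  /* no room for value plus NUL */
    memcpy(out, val, len + 1);
    return ENV_OK;
}

int main(void)
{
    char buf[64];
    /* Constructed sample environment for the demonstration. */
    setenv("MAIL_SITE_TAG", "mx1.example", 1);
    setenv("DB_PASSWORD", "constructed-secret", 1);

    printf("%d '%s'\n", env_lookup("MAIL_SITE_TAG", buf, sizeof buf), buf);
    printf("%d '%s'\n", env_lookup("DB_PASSWORD", buf, sizeof buf), buf);
    return 0;
}
```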