RE: [Exim] Exim 4.34 environment variable patch

Author: Philip Hazel
Date:  
To: Eli
CC: 'Nico Erfurth', 'Hagen Paul Pfeifer', 'Exim-Users (E-mail)'
Subject: RE: [Exim] Exim 4.34 environment variable patch
On Mon, 21 Jun 2004, Eli wrote:

> > Also users could set environment variables and so influence the way
> > exim works. *shudder*
>
> That would be a *smack* for the person who configured Exim with such a
> security "issue". My use does nothing more than log the information in the
> email for tracking purposes. If you want to take action based on something
> in an environment, you should first make sure that you can trust that
> environment - if you can't, don't do it (this goes for other stuff in Exim
> too :P).
>
> > A better way would be to use a startup-script that sets macros,
> > depending on environment variables, via -D.
>
> Only better if the other way has a problem. I'm just handing people the gun
> - it's up to them to shoot themselves or not :)


I feel that the gun is too big to be handed to the majority of
email admins. Many people do not understand the way Exim works. They
will think that this applies only when Exim is "started" using -bd. They
won't realize it will also apply when a user calls /usr/sbin/sendmail.

Also, this is a very minority requirement that can be met by using a wrapper.

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book
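
The wrapper approach mentioned in the thread (a startup script that passes macros via -D), sketched as an added example that is not part of the original message or of Exim. The variable name TRACK_ID, the macro name TRACKING_ID, the Exim path and the allowed character set are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: copy ONE environment variable into an Exim macro via -D,
# after validating it, instead of letting Exim read the environment itself.
# TRACK_ID (variable) and TRACKING_ID (macro) are hypothetical names.

LC_ALL=C; export LC_ALL          # make the character ranges below byte-exact
EXIM_BIN=/usr/sbin/exim          # assumed install path

# Accept only 1..64 characters drawn from letters, digits, '.', '_' and '-'.
# Empty values, whitespace, quotes, '$', braces and newlines are all rejected,
# so the value cannot carry expansion syntax or split into extra arguments.
is_safe_value() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# Print the -D argument for a raw value, or nothing if the value is unsafe.
macro_arg() {
    if is_safe_value "$1"; then
        printf '%s' "-DTRACKING_ID=$1"
    fi
}

# Entry point for the installed wrapper: validate the variable, then exec
# Exim with an emptied environment, a fixed PATH and the caller's arguments.
run_wrapper() {
    arg=$(macro_arg "${TRACK_ID:-}")
    if [ -n "$arg" ]; then
        exec env -i PATH=/usr/bin:/bin "$EXIM_BIN" "$arg" "$@"
    fi
    exec env -i PATH=/usr/bin:/bin "$EXIM_BIN" "$@"
}

# Demonstration on constructed inputs; Exim is not executed here.
for v in 'web01-cron' 'has space' 'a${b}' ''; do
    printf '%-14s -> %s\n' "[$v]" "$(macro_arg "$v")"
done
```

In an installed wrapper the demonstration loop would be replaced by a single `run_wrapper "$@"` line.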