Re: [exim] [Exim RPM w/ mysql-enable for FC2] Anybody out th…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Nigel Metheringham
Date:  
À: exim-users
Sujet: Re: [exim] [Exim RPM w/ mysql-enable for FC2] Anybody out there whohad installed mysql enabled exim rpm for fedora core 2?
On Tue, 2004-08-31 at 06:34 -0400, Wakko Warner wrote:
> > Just be very careful to think about security issues. You need to be sure
> > that anything you load dynamically comes from the right place. I'm not
> > so much thinking of the daemon here, but what happens when an
> > unprivileged user runs exim.
>
> I hadn't really given it a thought as to where the modules would be, but I
> would think that looking in only 1 place would work.
>
> base path would be /usr/lib/exim and under that, you'd have a directory for
> routers, transports, authenticators, etc.


Are there security implications I have missed that would be triggered if
you treated dynamically loadable chunks the same as the -C <config file>
option?

So specifying a loadable module on the command line drops privilege in
the same way as a config file change.

BTW are we really talking about making everything loadable, or is this
really useful only for lookups? AFAICS lookups are currently the only
things that have significant reason to be separated out - not so much
due to the code size itself, but due to the libraries they pull in and
the dependencies they generate on exim (so a system ends up requiring 4
database libraries when it only uses one of the databases).

    Nigel.
-- 
[ Nigel Metheringham           Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]