Re: [exim] Exim overparanoid about non-root users.

Author: Exim User's Mailing List
Date:  
To: Exim User's Mailing List
Subject: Re: [exim] Exim overparanoid about non-root users.
[ On Friday, September 10, 2004 at 13:58:46 (+0100), Philip Hazel wrote: ]
> Subject: Re: [exim] Exim overparanoid about non-root users.
>
> On Fri, 10 Sep 2004, David Woodhouse wrote:
>
> > Exim is a little overzealous about preventing you from doing stuff when
> > you're not root. It won't let me run that simple test in debugging mode
>
> You need to be an Exim admin user (not necessarily root) in order to run
> Exim in debugging mode. That's because it may show secrets such as
> passwords for databases etc.


If Exim allows admin-group users to specify an arbitrary configuration
file on the command line then there should be a big warning that doing
this is probably equivalent to giving those users the root password
should they choose to try to use this technique to gain increased
privileges, regardless of how bug free and carefully coded Exim actually
is.

-- 
                        Greg A. Woods


+1 416 218-0098                  VE3TCP            RoboHack <woods@???>
Planix, Inc. <woods@???>          Secrets of the Weird <woods@???>