[ On Friday, September 10, 2004 at 13:58:46 (+0100), Philip Hazel wrote: ]
> Subject: Re: [exim] Exim overparanoid about non-root users.
>
> On Fri, 10 Sep 2004, David Woodhouse wrote:
>
> > Exim is a little overzealous about preventing you from doing stuff when
> > you're not root. It won't let me run that simple test in debugging mode
>
> You need to be an Exim admin user (not necessarily root) in order to run
> Exim in debugging mode. That's because it may show secrets such as
> passwords for databases etc.
If Exim allows admin-group users to specifiy an arbitrary configuration
file on the command line then there should be a big warning that doing
this is probably equivalent to giving those users the root password
should they choose to try to use this technique to gain increased
privileges, regardless of how bug free and carefully coded Exim actually
is.
--
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack <woods@???>
Planix, Inc. <woods@???> Secrets of the Weird <woods@???>