Re: [exim] Exim overparanoid about non-root users.

Góra strony
Delete this message
Reply to this message
Autor: Exim User's Mailing List
Data:  
Dla: Exim User's Mailing List
Temat: Re: [exim] Exim overparanoid about non-root users.
[ On Friday, September 10, 2004 at 13:58:46 (+0100), Philip Hazel wrote: ]
> Subject: Re: [exim] Exim overparanoid about non-root users.
>
> On Fri, 10 Sep 2004, David Woodhouse wrote:
>
> > Exim is a little overzealous about preventing you from doing stuff when
> > you're not root. It won't let me run that simple test in debugging mode
>
> You need to be an Exim admin user (not necessarily root) in order to run
> Exim in debugging mode. That's because it may show secrets such as
> passwords for databases etc.


If Exim allows admin-group users to specifiy an arbitrary configuration
file on the command line then there should be a big warning that doing
this is probably equivalent to giving those users the root password
should they choose to try to use this technique to gain increased
privileges, regardless of how bug free and carefully coded Exim actually
is.

-- 
                        Greg A. Woods


+1 416 218-0098                  VE3TCP            RoboHack <woods@???>
Planix, Inc. <woods@???>          Secrets of the Weird <woods@???>