[exim-dev] potential exploitation vector

Author: Yuri Arabadji
Date:
To: Exim-dev
Subject: [exim-dev] potential exploitation vector

Hi, devs.

A quick question to exim developers.

How is it possible that exim invokes something with superuser privileges and
that something is fed with user data?

I'm talking about things like encoding translations that happen when accessing
variables in the system filter - the iconv family of functions, for example. And hey,
why are we invoking the system filter with euid 0 at all?! Is there any strong
reason for doing that or am I getting the code incorrectly?

Thank you.

--
Best regards,
Yuri Arabadji -- System Engineer