Author: Yuri Arabadji
Date:
To: exim-dev
CC: Phil Pennock
Subject: Re: [exim-dev] potential exploitation vector
Wow, indeed, going to bug CPanel guys then.
Thank you so much for explaining!
On Thursday 04 November 2010, Phil Pennock wrote:
> On 2010-11-04 at 01:07 +0200, Yuri Arabadji wrote:
> > Hello, Phil.
> > Thanks for your time spent on replying to my message. Let me take another
> > portion of it ;)
> > The specific exim's build I'm using is deployed on many hosting servers
> > across the internet and it would be quite bad if this turns out to be an
> > actual bug:
> > http://diff.cpanel.net/exim/4.69-23.1/src/exim-4.69-23.1_cpanel_maildir.src.rpm
> > EXIM_USER is mailnull. exim -bP exim_user outputs mailnull.
> > uid=47(mailnull) gid=47(mailnull) groups=47(mailnull)
> > Please see the attached traces and especially the line
> > "Let's see what UIDs we've got" in exim.daemon.log.
> > This is an almost unmodified CPanel exim installation. I'm attaching
> > everything relevant. It would be wonderful if you could explain what's
> > going on there and whether that is the expected behavior.
> You're quite right, I was mis-remembering the defaults of Exim. My
> We should probably look at changing the default value of
Yuri Arabadji -- System Engineer