Re: [exim-dev] Remote root vulnerability in Exim

Author: Ariel Garcia
Date:  
To: Exim-dev
Subject: Re: [exim-dev] Remote root vulnerability in Exim
Hi,

> Better mitigation is to recompile exim with ALT_CONFIG_PREFIX set to
> somewhere that the exim user cannot write to (/etc/exim?), or set
> ALT_CONFIG_ROOT_ONLY=yes if you don't use -C for anything special. Same
> with DISABLE_D_OPTION.


It is perhaps very naive, and valid only as long as the attack doesn't
change the path of the files, but as I can't avoid local delivery (i.e., the
suid bit... :-(
I did
    chown root.Debian-exim /var/spool/exim4/
effectively disabling the Debian-exim user writing in the spool folder (but
of course not in subdirs!!....)


Ok, I've also installed iwatch to monitor the /tmp and spool folders ...
not the ultimate solution but better than nothing...

Or could these measures be useless anyways?

Thanks, cheers, Ariel
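
The caveat in the message above ("but of course not in subdirs") can be checked directly. This is an added example, not part of the original message: a shell function that lists every directory under a spool root that a given numeric uid/gid can still write to. The function names, the sample tree and the uid/gid arguments are assumptions made for illustration; only ownership and mode bits are examined, not ACLs.

```shell
#!/bin/sh
# Added example (not from the original message).
# Lists directories under a spool root that a given numeric uid/gid can
# still write to, judged by ownership and mode bits only (ACLs ignored).

# writable_dirs ROOT UID GID
writable_dirs() {
    root=$1 uid=$2 gid=$3
    # A directory counts as writable when the user owns it (an owner can
    # always chmod it back), when it belongs to the group and has g+w,
    # or when it is world-writable.
    LC_ALL=C find "$root" -type d \( \
        -user "$uid" \
        -o \( -group "$gid" -perm -020 \) \
        -o -perm -002 \
    \) -print | LC_ALL=C sort
}

# build_sample_tree: constructed stand-in for a spool directory after the
# top-level chown. The top level and db/ are not group-writable, while
# input/ and msglog/ still are. Prints the path of the new tree.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/input" "$t/msglog" "$t/db" || return 1
    chmod 750 "$t" "$t/db"
    chmod 770 "$t/input" "$t/msglog"
    printf '%s\n' "$t"
}

# Stand-alone use: sh audit.sh <spool-root> <numeric-uid> <numeric-gid>
if [ "$#" -eq 3 ]; then
    writable_dirs "$1" "$2" "$3"
fi
```

Any path it prints is a directory where the mail user can still create or replace files, so an empty result for the spool root alone does not mean the whole tree is protected.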