Author: Ariel Garcia
Date:
To: Exim-dev
Subject: Re: [exim-dev] Remote root vulnerability in Exim
> Better mitigation is to recompile exim with ALT_CONFIG_PREFIX set to
> somewhere that the exim user cannot write to (/etc/exim?), or set
> ALT_CONFIG_ROOT_ONLY=yes if you don't use -C for anything special. Same
> with DISABLE_D_OPTION.
It is perhaps very naive, and valid only as long as the attack doesn't
change the path of the files, but as I can't avoid local delivery (i.e., the
suid bit... :-(
chown root.Debian-exim /var/spool/exim4/
effectively disabling the Debian-exim user writing in the spool folder (but
of course not in subdirs!!....)
Ok, I've also installed iwatch to monitor the /tmp and spool folders ...
not the ultimate solution but better than nothing...
Or could these measures be useless anyways?
Thanks, cheers, Ariel
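
Added example (not part of the original message): the message notes that changing ownership of the top-level spool folder does not cover its subdirectories, so this shell function lists which directories under a tree a given user and group can still write to. It assumes GNU find and stat as on Debian and judges only by owner, group and mode bits (no ACLs, no supplementary groups); the function name `writable_dirs` is made up for illustration.

```shell
#!/bin/sh
# Added example: audit which directories under ROOT are still writable
# for USER/GROUP, based on ownership and mode bits alone.
# Assumption: GNU find and stat (stat -c), as shipped on Debian.
#
# Usage, with the names from the message:
#   writable_dirs /var/spool/exim4 Debian-exim Debian-exim

writable_dirs() {
    root=$1
    user=$2
    group=$3
    # One line per directory: owner, group, octal mode, path.
    find "$root" -type d -exec stat -c '%U %G %a %n' {} + |
    while read -r owner grp mode path; do
        m=$((0$mode))                  # octal mode, e.g. 750 or 2750
        # Unix picks exactly one permission class per access check.
        if [ "$owner" = "$user" ]; then
            bit=$((m & 0200))          # owner class: owner write bit
        elif [ "$grp" = "$group" ]; then
            bit=$((m & 0020))          # group class: group write bit
        else
            bit=$((m & 0002))          # other class: world write bit
        fi
        if [ "$bit" -ne 0 ]; then
            printf '%s\n' "$path"
        fi
    done
}

# Run directly as: script ROOT USER GROUP
if [ "$#" -eq 3 ]; then
    writable_dirs "$1" "$2" "$3"
fi
```

Any path this prints is a place where the named user can still create or replace files, so it marks where a change to the top-level folder alone stops protecting.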