Hi,
> Better mitigation is to recompile exim with ALT_CONFIG_PREFIX set to
> somewhere that the exim user cannot write to (/etc/exim?), or set
> ALT_CONFIG_ROOT_ONLY=yes if you don't use -C for anything special. Same
> with DISABLE_D_OPTION.
It is perhaps very naive, and valid only as long as the attack doesn't
change the path of the files, but as I can't avoid local delivery (i.e., the
suid bit... :-(
I did
chown root.Debian-exim /var/spool/exim4/
effectively disabling the Debian-exim user writing in the spool folder (but
of course not in subdirs!!....)
Ok, I've also installed iwatch to monitor the /tmp and spool folders ...
not the ultimate solution but better than nothing...
Or could these measures be useless anyways?
Thanks, cheers, Ariel
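A small audit helper, added here as an example and not part of the thread, that lists the directories under a spool root still carrying owner, group or world write bits for the exim user and group; it exposes exactly the "not in subdirs" gap the chown on the top directory leaves open (the /var/spool/exim4 path and Debian-exim names are assumed from the message above).

```shell
#!/bin/sh
# Added audit helper (not from the thread): list directories under ROOT that
# USER could still write to through the owner, group or world write bits.
# Usage: writable_dirs_for ROOT USER GROUP
writable_dirs_for() {
    root=$1; user=$2; group=$3
    find "$root" -type d \( \
        \( -user "$user" -perm -200 \) -o \
        \( -group "$group" -perm -020 \) -o \
        -perm -002 \) 2>/dev/null | sort
}

# Number of such directories, for a quick pass/fail check (0 is the goal
# for everything exim should not be able to write to).
count_writable_dirs() {
    writable_dirs_for "$1" "$2" "$3" | wc -l
}

# Stand-alone run against the Debian names used in the thread
# (assumed path and user/group; needs read access to the spool tree).
if [ -d /var/spool/exim4 ]; then
    writable_dirs_for /var/spool/exim4 Debian-exim Debian-exim
fi
```

A directory listed here is one where the exim user could still drop a file, so it is where a chown/chmod pass (or an iwatch rule) needs to go next.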