[exim-dev] [Bug 1044] New: CVE-2010-4345 exim privilege esca…

Top Page

Reply to this message
Author: David Woodhouse
To: exim-dev
New-Topics: [exim-dev] [Bug 1044] CVE-2010-4345 exim privilege escalation
Subject: [exim-dev] [Bug 1044] New: CVE-2010-4345 exim privilege escalation
------- You are receiving this mail because: -------
You are on the CC list for the bug.

           Summary: CVE-2010-4345 exim privilege escalation
           Product: Exim
           Version: N/A
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: General execution
        AssignedTo: nigel@???
        ReportedBy: dwmw2@???
                CC: exim-dev@???

When EXIM is built without the ALT_CONFIG_ROOT_ONLY configuration option, the
Exim user can create a config file with ${run...} directives that will be
executed as root. It's a trivial privilege escalation.

We should kill the !ALT_CONFIG_ROOT_ONLY behaviour, so that *only* the root
user can specify arbitrary new configs on the command line with the -C option.

For people who have a genuine need to use multiple parallel configs on the same
machine, we need a way to "bless" the known configs.

Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email