[exim-dev] [Bug 1044] CVE-2010-4345 exim privilege escalatio…

Top Page
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1044] CVE-2010-4345 exim privilege escalation
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1044




--- Comment #2 from David Woodhouse <dwmw2@???> 2010-12-11 00:23:42 ---
I found a bug in that patch; we can't just refrain from setting config_changed.
That flag is used for more than the decision of whether to drop privs. It's
used in child.c too.

I think I'm going to end up doing a new config option TRUSTED_CONFIG_PREFIXES
which is a colon-separated list of acceptable prefixes (or full filenames).


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email