Author: W B Hacker Date: To: 1044 CC: exim-dev, David Woodhouse Subject: Re: [exim-dev] [Bug 1044] CVE-2010-4345 exim privilege escalation
David Woodhouse wrote: > ------- You are receiving this mail because: -------
> You are on the CC list for the bug.
> http://bugs.exim.org/show_bug.cgi?id=1044 > *snip*
> We could change the latter so that non-root and non-exim users invoking
> config files in ALT_CONFIG_PREFIX are *never* granted root privs, but
> I'm not sure we should. Comments?
> We might also want to have a colon-separated list of acceptable directories. In
> which case perhaps it shouldn't be repurposing ALT_CONFIG_PREFIX, but should be
> a new, different, option?
> We should *also* fix the CONFIGURE_USER and CONFIGURE_GROUP options, so that
> the exim user/group are not permitted to own the configuration files by default
Seems harmless. Even 'almost' transparent.
AFAIK they may be *permitted* to so own at present, but 'ordinarily' do not in
Eg: bog-standard *BSD install they are in ~/etc[/local]/exim/configure[n] and
owned by root:wheel anyway - not the exim daemon-runner or group.
(I can't speak for Linux)
Those using multiple [instance|parallel|selected] configs 'most likely' expect
to deal with several out of the ordinary situations, and could reasonably be
expected to support a change here in light of events.
This message was posted to the following mailing lists: