David Woodhouse wrote:
> ------- You are receiving this mail because: -------
> You are on the CC list for the bug.
>
> http://bugs.exim.org/show_bug.cgi?id=1044
>
*snip*
> We could change the latter so that non-root and non-exim users invoking
> config files in ALT_CONFIG_PREFIX are *never* granted root privs, but
> I'm not sure we should. Comments?
+1
>
> We might also want to have a colon-separated list of acceptable directories. In
> which case perhaps it shouldn't be repurposing ALT_CONFIG_PREFIX, but should be
> a new, different, option?
>
+1
> We should *also* fix the CONFIGURE_USER and CONFIGURE_GROUP options, so that
> the exim user/group are not permitted to own the configuration files by default
> either.
>
>
Seems harmless. Even 'almost' transparent.
AFAIK they may be *permitted* to so own at present, but 'ordinarily' do not in
fact.
Eg: bog-standard *BSD install they are in ~/etc[/local]/exim/configure[n] and
owned by root:wheel anyway - not the exim daemon-runner or group.
(I can't speak for Linux)
Those using multiple [instance|parallel|selected] configs 'most likely' expect
to deal with several out of the ordinary situations, and could reasonably be
expected to support a change here in light of events.
Bill
