Re: [exim-dev] [Bug 1044] CVE-2010-4345 exim privilege escal…

Góra strony
Delete this message
Reply to this message
Autor: Andreas Metzler
Data:  
Dla: exim-dev
Temat: Re: [exim-dev] [Bug 1044] CVE-2010-4345 exim privilege escalation
On 2010-12-10 David Woodhouse <dwmw2@???> wrote:
[....]
> We should *also* fix the CONFIGURE_USER and CONFIGURE_GROUP options,
> so that the exim user/group are not permitted to own the
> configuration files by default either.

[...]

Won't this cause problems when

a) the configuration file contains private data (sql passwords?) and
cannot be world readable

AND

b) exim4 is not SUID root?

What should be prohibited is that the configuration file or the
directory it lives in are /writeable/ by CONFIGURE_USER or
CONFIGURE_GROUP.

I am not running exim like this but was actually a little bit
surprised that (suid) exim works if CONFIGURE_USER:CONFIGURE_GROUP has
no read permissions on the configuration file.

cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'