Re: [exim-dev] [PATCH 2/3] Don't allow a configure file whic…

Author: Andreas Metzler
Date:  
To: exim-dev
Subject: Re: [exim-dev] [PATCH 2/3] Don't allow a configure file which is writeable by the Exim user or group
Hello,

just two typos:

On 2010-12-11 David Woodhouse <dwmw2@???> wrote:
[...]
> +easy way to run commands as root. If you specify the a user or group in the
> +CONFIGURE_OWNER or CONFIGURE_GROUP options, then that user and/or any users
> +who are members of that group will trivially be able to obtain root privileges.
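
Review bot: in the sentence starting "If you specify the a user or group", the duplicated article needs fixing, and "options" is imprecise for CONFIGURE_OWNER and CONFIGURE_GROUP. The readconf.c hunk in this same patch tests CONFIGURE_OWNER with `#ifdef`, so these are fixed when Exim is compiled; wording such as "build-time options" would tell the administrator that the exposure is decided at build time, not in the runtime configuration file.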


s/you specify the a user/you specify a user/

[...]
> diff --git a/src/src/readconf.c b/src/src/readconf.c
> index 954d546..414b7ae 100644
> --- a/src/src/readconf.c
> +++ b/src/src/readconf.c
> @@ -2883,13 +2883,12 @@ if (!config_changed)
>      log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to stat configuration file %s",
>        big_buffer);


> -  if ((statbuf.st_uid != root_uid &&             /* owner not root */
> -       statbuf.st_uid != exim_uid                /* owner not exim */
> +  if ((statbuf.st_uid != root_uid                /* owner not root */
>         #ifdef CONFIGURE_OWNER
>         && statbuf.st_uid != config_uid           /* owner not the special one */
>         #endif
>           ) ||                                    /* or */
> -      (statbuf.st_gid != exim_gid                /* group not exim & */
> +      (statbuf.st_gid != root_gid                /* group not exim & */
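
Review bot: on the changed group test, `statbuf.st_gid != root_gid`, the trailing comment still reads "group not exim &", which now contradicts the comparison; it should read "group not root &". On the owner side, with `statbuf.st_uid != exim_uid` removed, a configuration file owned by the Exim user no longer passes this test, so the message logged when the test fails (not visible in the quoted lines) should be checked for wording that still names the Exim user as an acceptable owner.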

[...]

the comment needs an update. s/group not exim/group not root/

thanks, cu andreas