David Woodhouse wrote:
> ------- You are receiving this mail because: -------
> You are on the CC list for the bug.
>
> http://bugs.exim.org/show_bug.cgi?id=1044
>
>
>
>
> --- Comment #2 from David Woodhouse<dwmw2@???> 2010-12-11 00:23:42 ---
> I found a bug in that patch; we can't just refrain from setting config_changed.
> That flag is used for more than the decision of whether to drop privs. It's
> used in child.c too.
>
> I think I'm going to end up doing a new config option TRUSTED_CONFIG_PREFIXES
> which is a colon-separated list of acceptable prefixes (or full filenames).
>
>
Presuming there is at least one known and published default, the rest is up to:
- privs on where that/those files is/are
- admin's choice of obfuscation, if any
IOW - helpful, certainly.
Panacea? Probably not. Just a higher bar.
But still a good idea, IMHO
Bill
