Re: [exim-dev] Candidate patches for privilege escalation

Top Page

Reply to this message
Author: Andreas Metzler
Date:  
To: exim-dev
CC: David Woodhouse
Subject: Re: [exim-dev] Candidate patches for privilege escalation
On 2010-12-12 Phil Pennock <exim-dev@???> wrote:
> On 2010-12-12 at 03:10 +0000, David Woodhouse wrote:

[...]
> > - Kill ALT_CONFIG_ROOT_ONLY as discussed, so only root can specify
> > arbitrary files on the command line with the -C option. If the Exim
> > user uses -C, or uses the -D option to set macros, then root privs
> > will be dropped.


> But if the Exim daemon is started as root with -C/-D, isn't this how the
> changes are propagated into delivery instances, by having Exim re-exec
> itself with the -MC* internal options and *also* passing along the -C/-D
> options? Done with child_exec_exim().


> How heavily has this change been tested in conjunction with doing actual
> deliveries when the daemon was started as root with -C/-D ?


> Eg, are there setups which use things like -DTLS and optionally enable
> features this way from the cmdline with init-script config, rather than
> direct Exim config?

[...]

This seems to be the usual way to combine mailscanner with exim.

cu andreas