Re: [exim-dev] Candidate patches for privilege escalation

Author: David Woodhouse
To: Phil Pennock
CC: exim-dev
Subject: Re: [exim-dev] Candidate patches for privilege escalation
On Sun, 2010-12-12 at 05:28 -0500, Phil Pennock wrote:
> How heavily has this change been tested in conjunction with doing actual
> deliveries when the daemon was started as root with -C/-D ?

You'll want the TRUSTED_CONFIG_PREFIX_LIST option to make that work with
-C, and as I said I haven't done much testing of that at all yet.

If you want to be able to specify -D on the command line and still have
things be trusted, there's no way to do that directly with my patchset
right now.

However, you can create a file which matches TRUSTED_CONFIG_PREFIX_LIST
and make it define the macro(s) you want and then include the main
config file, which has much the same effect although it *is* an extra
hoop to jump through.

In fact, you could do that to test your 'svn checkout as non-root'
config file too. Just make a root-owned file which includes the
non-root-owned one. If root *wants* to shoot herself in the foot that
way, we don't really prevent it.