Re: [exim-dev] potential exploitation vector

Author: David Woodhouse
Date:  
To: Phil Pennock
CC: exim-dev, Yuri Arabadji
Subject: Re: [exim-dev] potential exploitation vector
On Wed, 2010-11-03 at 23:35 -0400, Phil Pennock wrote:
> On 2010-11-04 at 01:07 +0200, Yuri Arabadji wrote:
> > Hello, Phil.
> >
> > Thanks for your time spent on replying to my message. Let me take another
> > portion of it ;)
> >
> > The specific exim's build I'm using is deployed on many hosting servers across
> > the internet and it would be quite bad if this turns out to be an actual bug:
> > http://diff.cpanel.net/exim/4.69-23.1/src/exim-4.69-23.1_cpanel_maildir.src.rpm
> >
> > EXIM_USER is mailnull. exim -bP exim_user outputs mailnull.
> >
> > uid=47(mailnull) gid=47(mailnull) groups=47(mailnull)
> >
> > Please see the attached traces and especially the line
> > "Let's see what UIDs we've got" in exim.daemon.log.
> >
> > This is an almost unmodified CPanel exim installation. I'm attaching everything
> > relevant. It would be wonderful if you could explain what's going on there and
> > whether that is the expected behavior.
>
> You're quite right, I was mis-remembering the defaults of Exim. My
> apologies.
>
> We should probably look at changing the default value of
> system_filter_user.


If we're doing a 4.73 release with a bunch of privsep issues addressed,
this should probably be one of them. Is there a bug open for it?

--
dwmw2