Author: David Woodhouse Date: To: Phil Pennock CC: exim-dev Subject: Re: [exim-dev] Candidate patches for privilege escalation
On Sun, 2010-12-12 at 05:28 -0500, Phil Pennock wrote: > > - Don't use config files as root if they're writeable by non-root
> > users/groups. Including the Exim user/group.
> This appears to be a mis-leading statement. Really, you're removing the
> Exim user/group from being permitted owners by default. But if instead
> we look at what you wrote as the goal, then this is awkward.
I gave you a fairly firm rebuttal to this, but I don't want to give the
impression that I'm not open to alternative suggestions. We do need to
be very careful about the privilege separation though, otherwise it's
just a fig leaf. I'd be very interested to hear alternatives if you have
OTOH if we *have* reached a consensus that what's in my git tree is
fairly much the way forward, then I'd like to push it today and then we
can concentrate on testing and making sure that the extra restrictions
haven't broken functionality in various corner cases.
This message was posted to the following mailing lists: